DevOps Essentials: Jenkins & GitLab
DevOps Essentials: Jenkins & GitLab
Table of contents
Table of contents 1
Intro 3
Authors 3
What is this book about? 4
Why Jenkins and GitLab 6
Structure of this book 6
About DevOps 7
Business challenges 7
Waterfall, Agile, DevOps 7
CI/CD 9
DevOps tools 10
Requirements 10
You as a reader 10
Hardware requirements 10
Software requirements 10
VirtualBox installation 11
Vagrant installation 11
Installing Git client 12
Verification 12
Lab environment overview 13
1
Node 63
Stage 64
Step 64
Input 68
Pipelines - advanced syntax 71
Variables 72
Functions 73
Variable + Function() == LOVE 83
For loops 84
Try, catch, finally 87
If, else if, else 88
Switch case 92
Retry 94
Parallel 97
Configuring Jenkins 98
Installing plugins 98
Updates 99
Available 100
Installed 103
Adding new users 104
2
List jobs 136
Create a Job 137
Trigger a build 139
Intro
Authors
Artemii Kropachev is a worldwide IT expert and international consultant with more than 15 years
of experience. He has trained, guided and consulted hundreds of architects, engineer,
developers, and IT experts around the world since 2001. Artemii’s architect-level experience
covers Solutions development, Data Centers, Clouds, DevOps and automation, Middleware and
SDN/NFV solutions built on top of any Red Hat or Open Source technologies. I also possess one
of the highest Red Hat Certification level in the world - Red Hat Certified Architect in Infrastructure
Level XX. Artemii’s life principles can be defined as “never stop learning” and “never stop
3
knowledge sharing”. Artemii would love to share some of his experience and knowledge via this
book.
Denis Zuev. A lot of people in the industry know Denis for his Certification Achievements. He is
holding a lot of expert-level certifications from the leading IT companies in the industry, such as
Cisco Systems, Juniper Networks, Vmware, RedHat, Huawei, and many others. Currently, he
holds the following ones: RHCI, RHCX, RHCA Level VII, 6xCCIE, 4xJNCIE, CCDE, HCIE, VCIX-
NV. You won’t be able to find a lot of people with such a diverse set of certification achievements.
Denis doesn’t have a specific area of expertise and worked in different technologies including
Networks, Servers, Storage, Cloud, Containers, DevOps, SDN/NFV, Automation, Programming,
and Software Development. He can easily describe himself with a single sentence - “Give me a
screwdriver and I will build you a rocket”. Denis worked with leading IT companies around the
globe including Cisco Systems, Juniper Networks, Red Hat, and ATT. He is a trainer and a mentor
for thousands of people around the globe, and I know how to deliver any information in an easy
manner. These days Denis truly enjoys DevOps, Automation, Containers, Software Development,
and Professional Training.
Aleksandr Varlamov is an IT expert that stood at the origins of many public cloud platforms,
high-load platforms, and challenging solutions. He is the mentor and lead of powerful and talented
engineers, designed and implemented large-scale country-level projects, lead them to success.
Aleksandr is the co-founder of technology solutions and start-ups. Evangelist of the most exciting
technological solutions, author of a Russian translation of Nutanix Bible. His expertise covers
Enterprise level architecture, Data Centers design, Public and Private Clouds, IaaS/PaaS/SaaS
services. He appreciates and enjoys solving complex issues and challenges. Aleksandr says -
every architecture solution should be stable, simple, and powerful.
Reviewers
Andrey Bobrov started his career as a network engineer and during 10 years covered a lot of
enterprise technologies in routing, switching, security, voice, and wireless directions. He has had
a lot of network certificates: CCNP, CCDP, HCNP, CCSA, and others. Several years ago he
opened for himself DevOps world and changed his career to this way. Currently, he is certified as
RHCA Level VIII and continues his work for his Red Hat certifications, because this vendor is the
leader of the market nowadays. He works as a team leader of the DevOps team and everyday
uses tools, described in this book.
Roman Gorshunov is an IT architect and engineer with over 13 years of experience in the
industry, primarily focusing on infrastructure solutions running on Linux and UNIX systems for
Telecoms. He is currently working on delivering automated OpenStack on Kubernetes – resilient
cloud deployment (OpenStack Helm) and CI/CD for the AT&T Network Cloud platform based on
OpenStack Airship; he is a core reviewer in Airship project and also a developer in other Open
Source projects.
4
something impossible and something absolutely new for most of the companies I worked with. I
was surprised that even very large corporation with 50+ thousands of servers and hundreds of
applications don’t follow DevOps best practices and don’t understand what it means. I want to
share some knowledge to allow make you familiar with common DevOps processes and tools. -
Artemii
Just recently, after taking a countless number of interviews in different companies across the
USA, I got on a call with my friends and told them this sad story that there is little to no Automation
within the largest companies out here when it comes to Network and Infrastructure teams. I got
the same feedback from my friends who work in the leading IT companies. I have a lot of requests
from my former students to teach them DevOps and Automation. This is why we started this book.
- Denis
The automation process always remained critical for our activity field - IT industry; every second
is countable and influence on business success. It is called just "scripting" decades ago, a few
years ago - "processes automation," then CI/CD. However, the idea was always the same -
provide a high level of automation, cover everything by tests, and helps the business to work and
grow up. That's why engineers need to know how to automate all processes, how to include all
necessary tests, which kinds of utilities and software can help to do that effectively. This book
provides all the necessary information to build continuous delivery and continuous integration
properly. - Aleksandr
There is quite a lot to learn. Most of DevOps components are quite important and critical for every
modern Enterprise, DataCenter or Service Provider Environment. It is not possible to cover
everything in a single book or video class, otherwise, it would be a book with 10 000 pages or
1000 hours of videos. This is why we broke it down into multiple books and video classes.
In this book, we cover a tiny but very important piece of the whole DevOps ecosystem, and we
call it “DevOps Core”.
This book is your easy way to start learn famous DevOps tools and describe why you should
choose it and how you can use it together. We are positive that this book helps to make the first
step for engineers who think about changing their career as a lot of our students did.
5
DevOps Core
6
● Intro. We introduce you to DevOps and explain what that buzzword is really about. We
also use Vagrant here to build the lab and then start learning GitLab and Jenkins.
● Getting started with GitLab. We introduce you to GitLab as a main Version Control tool.
We tell you what GitLab is and why we need it. We show you how to install, configure and
work with GitLab, that includes creating merge requests.
● Getting started with Jenkins. We introduce you to Jenkins as the main CI/CD tool. We
explain to you what Jenkins and CI/CD are. We show you how to install and configure
Jenkins. One of the most important topics where we focus and spend most of our time is
Jenkins Pipelines. Finally, we do a bidirectional integration between GitLab and Jenkins.
This is where you will see the real power of DevOps automation. Trust us, this part of the
book you will need to understand 100%. This will be our first integration point with GitLab
as well. We learn basic and advanced pipeline syntaxes along with other topics such as
Jenkins shared libraries and Jenkins API. API is everywhere, and it is not yet another
buzzword.
● Jenkins and GitLab APIs. You will learn how to manage GitLab repositories and work
with GitLab API. Yes, we will tell you what API is and how to use it in real life. We learn
how to use Jenkins API. API is everywhere, and it is not yet another buzzword.
● Making GitLab and Jenkins to work together. We go through mutual integration
between GitLab and Jenkins step by step. This is where you will see the real power of
DevOps automation. The goal is to trigger an automation pipeline by a Git event - merge
request which we will explain in details.
About DevOps
Business challenges
These days IT departments are challenged by business to be able to compete with other
companies. It is important to have the required features as soon as they are developed. All
companies are interested to reduce time and efforts to deliver change to production. DevOps
methodology allows achieving that by the highest level of automation.
7
Waterfall vs Agile vs DevOps
Waterfall approach focuses on releasing the product when it is ready for production after it’s been
designed, built, tested and finally deployed with all the features and functionality that end-user
needs. It usually means that the product is stable but it comes at a price of delayed release. It
may take one, two or even 3 years to release it. It is really hard to think 3 years ahead.
This is why Waterfall evolved into the Agile methodology, to release the product in smaller cycles
called sprints. It can be a feature or functionality, something that makes your product better with
every sprint. And sprints are somewhere in between 2 week and 2 months. It is much better
than 1 to 5 years for a full cycle as in Waterfall approach. Agile brings a concept of Minimum
Viable Product (MVP). MVP is a product with bare minimum functionality pushed to production
and ready to be used.
DevOps is another step forward in continuous deployment, where product development lifecycle
is continuously happening in an endless loop. Here is one simple example: while you are
developing your code, all the other steps like build, test and deploy phases are happening
automatically at the moment you are committing your code to the software repository. Using other
words, every commit produces a tested and certified micro release of the product which is
delivered to production automatically. It sounds impossible, but this is how DevOps works. And it
is not the only use case, DevOps made possible for Development teams to work seamlessly with
Operation teams, which was impossible with Waterfall and Agile approaches.
DevOps also enhanced the MVP concept where it is built with Agile and continuously improved
with DevOps.
Imagine that you need to automate your network deployment, server or application provisioning
from the ground up. The first thing you do, is you build a bunch of scripts that do part of the job
one by one developing these scripts as you progress. That is your MVP, and then you keep
integrating these scripts together into a single self-sufficient product that does the job. At the same
time, you keep designing, testing and deploying this product. That is DevOps. And in this book,
we are going to teach you core tools that allow you to do so.
8
CI/CD
DevOps often refers to CI/CD which stands for Continuous Integration/Continuous
Delivery/Deployment. Take a look at the diagram below.
CI/CD
9
DevOps tools
DevOps is widely used and is applicable to many aspects of any business. And because of this,
there are so many tools being used to achieve the ultimate goal and automate product delivery
process. And by product, we mean anything and everything. It can be a software development or
network deployment, or infrastructure support. Most of the work that you do on a daily basis can
be taken cared of by using DevOps techniques. As in many other automation or software
development processes, you will be required to develop your code/scripts and store it in the
source code repository, as well as test, build, deploy and use that code in an automated fashion.
GitLab and Jenkins fit perfectly for these tasks. This is why we focus on them in this book.
Requirements
You as a reader
We assume that our readers are proficient in working with their main Operating System, whether
it is Windows, Linux or MacOS and know how to use Google Search. We also assume that you
have basic Linux experience since we use CentOS/RHEL 7 heavily in this book.
Hardware requirements
We won’t need a lot of computing and memory resources for our lab, so you will be able to run
pretty much everything on your laptop if you have at least 8GB, or better if 16GB RAM. CPU is
not that very important, so whatever CPU you have should be enough. We are going to deploy a
number of virtual machines and that is why CPU virtualization support is required.
Software requirements
We use Vagrant as the main lab provisioning tool along with other scripting tools. If you are not
familiar with Vagrant, it allows for simplifying the deployment and the initial configuration of virtual
machines, by using different underlying technologies. In most cases, a plain text file called
Vagrantfile describes the parameters of the VM. Having Vagrantfile allows you to create, stop,
and destroy your virtual environment with a single command. The beauty of using Vagrant is that
we can redeploy your lab as many times as we need to, and each time, we will have the same
result.
This is how Vagrant architecture looks like at a high level.
10
Vagrant Architecture
Vagrant is an orchestration tool that uses different virtualization providers such as VMware,
VirtualBox or OpenStack behind the scenes. We use VirtualBox as the main virtualization provider
in this book because it’s free and runs on all of the most popular Operating Systems whether it is
Windows, Linux or MacOS.
VirtualBox installation
As already mentioned Vagrant is using virtualization providers behind the scene to run Vagrant
Machines. One of the most popular and free providers available in the internet is VirtualBox. You
can find all the required code and instruction at https://www.virtualbox.org/wiki/Downloads to
download and install VirtualBox. Depending on OS you are using, you might be required to reboot
your OS.
Vagrant installation
The Vagrant instructions and the software to download are available at
https://www.vagrantup.com/docs/installation/. Just download the package for your OS, and then
11
install it. Vagrant also requires a virtualization platform, like VMware, KVM, VirtualBox, AWS,
Hyper-V, or Docker. You will be required to install the appropriate virtualization platform,
depending on your operating system.
Verification
Let’s check that we have everything in place by, firstly, cloning your gitlab repo:
$ git clone https://github.com/flashdumper/Jenkins-and-GitLab.git
Cloning into 'Jenkins-and-GitLab'...
If you get any errors, they should be self-explanatory and easy to fix.
Check that you have 2 main directories for the following chapters:
$ ls -l
total 0
drwxr-xr-x@ 2 vagrant vagrant 64 Aug 22 02:00 Vagrantfile
Before we move any further, It is a good idea to check that you can bring your VMs up using
“vagrant” command. First, verify that Vagrant have found Vagrantfile and read the configuration.
$ vagrant status
Current machine states:
This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.
12
$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider…
…
<output omitted>
…
$ vagrant status
Current machine states:
This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.
If everything goes well, you should see the output similar to the one above.
Now, destroy the vagrant environment we just created by running “vagrant destroy” command.
$ vagrant destroy -f
==> jenkins: Forcing shutdown of VM...
==> jenkins: Destroying VM and associated drives...
==> gitlab: Forcing shutdown of VM...
==> gitlab: Destroying VM and associated drives...
13
VirtualBox
jenkins.example.com gitlab.example.com
Jenkins GitLab service
service Git client
Git client utilities
CentOS 7 CentOS 7
utilities
eth1 eth1
172.24.0.12 172.24.0.11
172.24.0.0/24
network
172.24.0.1
MacOS
Vagrant
Windows
Host machine
14
conf.vm.box = "centos/7"
conf.vm.hostname = 'jenkins.example.com'
conf.vm.network "private_network", ip: "172.24.0.12"
conf.vm.provider "virtualbox" do |v|
v.memory = 2048
v.cpus = 2
end
conf.vm.provision "shell", inline: $inline_script
end
end
$inline_script = <<SCRIPT
# Inline Script starts
cat <<EOF > /etc/hosts
127.0.0.1 localhost localhost.localdomain
172.24.0.11 gitlab.example.com gitlab
172.24.0.12 jenkins.example.com jenkins
EOF
This Vagrantfile defines 2 VMs (gitlab and jenkins). Both VMs have predefined IP addresses and
hostnames. Vagrantfile configures host resolution using records at /etc/hosts inside VMs.
However, it may be required to add the following records to your local hosts file:
Linux /etc/hosts
MacOS /etc/hosts
Windows C:\Windows\System32\Drivers\etc\hosts
15
Here is an example how hosts file looks like on MacOS:
$ cat /etc/hosts|grep 172.24.0
172.24.0.11 gitlab.example.com
172.24.0.12 jenkins.example.com
Start gitlab VM and verify connectivity using the commands provided below.
$ vagrant up gitlab
==> gitlab: Importing base box 'centos/7'...
==> gitlab: Matching MAC address for NAT networking...
==> gitlab: Checking if box 'centos/7' is up to date…
...
<OUTPUT OMITTED>
…
==> gitlab: Running provisioner: shell...
gitlab: Running: inline script
$ ping gitlab.example.com
PING gitlab.example.com (172.24.0.11): 56 data bytes
64 bytes from 172.24.0.11: icmp_seq=0 ttl=64 time=0.361 ms
64 bytes from 172.24.0.11: icmp_seq=1 ttl=64 time=0.369 ms
^C
--- gitlab.example.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.361/0.365/0.369/0.004 ms
Do not hesitate to play with Vagrant and practice some basic Vagrant commands. Here is the
table of most often used commands:
16
Command Description
vagrant up gitlab Create an start gitlab instance, Other instances will stay untouched
vagrant up jenkins Create an start jenkins instance, Other instances will stay
untouched
17
Getting started with GitLab
GitHub
GitHub is the largest hosted repository service in the world. You can go and freely create your
own account at https://github.com/, and create any number of public repositories that are going
to be available for everyone. You can also create private repositories but you will need to pay for
it.
GitHub is widely used in the Open Source world to share the code and work together. Many
people publish their work and allow others to freely use it. A lot of other people, use it for storing
code sample for demos or even publish the code using in the book as we are doing in the book.
GitHub is awesome and if you have something to share with the rest of the world, do not hesitate
and do that right now.
Note: A code repository is a collection of files and directories combined under a single name.
18
GitLab
Is an Open Source project that allows you to use a publicly available version at https://gitlab.com.
GitLab is not the same as GitHub. These are two different services. While both GitHub and
GitLab are repository services and have hosted version, only GitLab has an option to be installed
on a local server. That is one of the reasons why it is so popular. Not always you want or can
keep all your work on a publicly hosted servers. GitLab has two versions - Enterprise and
Community editions. The community edition is available to download and install on your server.
Enterprise edition is a paid version with additional features on top of Community edition
features. Great service when you want to bring repository management service into your data
center and host internally.
BitBucket
BitBucket is one of the Atlassian services that offers the similar repository management services
as GitHub and GitLab with additional integration features to other Atlassian services. Other
Atlassian products and services that you may have heard are Jira and Confluence.
19
BitBucket interface
Public Repos Yes (Free) Yes (Paid and Free) Yes (Paid)
Private Repo Yes (Paid) Yes (Paid and Free) Yes (Paid)
Git
Though all three repository management systems are different they have things in common, and
one of them is Git. Git is a simple code versions tracker. It allows you to work with different
repository management systems including GitHub, GitLab, and BitBucket. Git is available on all
the most popular desktop and server OS including Windows, MacOS, and Linux. You can
download the Git client at https://git-scm.com/downloads. You should already have Git client
installed on your PC.
20
GitLab installation
Before you start, we need to navigate to Github repo folder and run “vagrant up gitlab” command
to start a single VM called gitlab:
$ vagrant up gitlab
Bringing machine 'gitlab' up with 'virtualbox' provider…
…
<output omitted>
…
gitlab: SSH username: vagrant
gitlab: SSH auth method: private key
Note! The “vagrant” directory and Vagrantfile need to be created in advance
Check if VM is running.
$ vagrant status gitlab
Current machine states:
The VM is running. To stop this VM, you can run `vagrant halt` to
shut it down forcefully, or you can run `vagrant suspend` to simply
suspend the virtual machine. In either case, to restart it again,
simply run `vagrant up`.
Make sure that gitlab.example.com is accessible from your host machine. You will need to access
GitLab service via Web Browser from your host machine.
$ ping gitlab.example.com -c 3
PING gitlab.example.com (172.24.0.11): 56 data bytes
64 bytes from 172.24.0.11: icmp_seq=0 ttl=64 time=0.358 ms
64 bytes from 172.24.0.11: icmp_seq=1 ttl=64 time=0.517 ms
64 bytes from 172.24.0.11: icmp_seq=2 ttl=64 time=0.368 ms
Finally, ssh into VM running “vagrant ssh” command and switch to root user.
$ vagrant ssh gitlab
[vagrant@gitlab ~]$ sudo -i
[root@gitlab ~]#
21
Now we are ready to install our GitLab from scratch. Install gitlab repo to your VM by running the
following command:
# curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh |
bash
By running “gitlab-ctl reconfigure” it takes settings from ruby file /etc/gitlab/gitlab.rb and
automatically configures the server. For our book, default settings are enough. The installation
process takes anywhere from 1 to 10 minutes.
22
Note! GitLab installer uses Chef configuration management tool. Each time you change GitLab
configuration you need to execute “gitlab-ctl reconfigure” to apply configuration changes.
Verify that the gitlab server is up and running by running curl command
# curl localhost
<html><body>You are being <a
href="http://localhost/users/sign_in">redirected</a>.</body></html>
Connecting to GitLab
Open your browser and navigate to “http://gitlab.example.com/”. You should be able to see GitLab
welcome page. By default, gitlab server is configured to respond to gitlab.example.com.
Note! It is a general recommendation and best practice to use DNS names over IP addresses.
You can use IP addresses instead of DNS names, but there is no guarantee that everything is
going to work as expected.
Set your new password under Change your password tab. We use “DevOps123” as a standard
password everywhere. Again, no paranoia about security in this book, and more focus on
DevOps. Once you change your password, it redirects you to a login page. Use “root” as
username and the password you just set “DevOps123” in our case and then click on “Sign In”.
23
And we are logged in to our personal GiLlab server. That was quite easy we hope. Now, what do
we do with all this beauty? Right, let’s create our first repository and upload some code. Click on
“Create a project”.
Specify repo name, “first_repo” in our case, make it “public” and press “Create project” button.
24
Our first repo is created.
We have two ways of working with our “first_repo” repository via HTTP and SSH.
25
The difference between both is simple:
1. HTTP - In general, we can pull the information from the repository using HTTP transport
protocol. Once we pull the files via HTTP and make changes, we can push the changes
back using HTTP again.
2. SSH - this method uses SSH as the transport protocol. For some Linux-based
environments, this is a more secure way of GIT communications.
We will use both methods when we get to Jenkins part. Try the SSH method first.
Try to clone our first repo to gitlab VM using “git clone” command using SSH.
[vagrant@gitlab ~]$ sudo -i
[root@gitlab ~]#
[root@gitlab ~]# git clone git@gitlab.example.com:root/first_repo.git
Cloning into 'first_repo'...
26
The authenticity of host 'gitlab.example.com (127.0.0.1)' can't be
established.
ECDSA key fingerprint is
SHA256:24E8qBAxWVZMWf+cIucO5LzGBKlUq+1N684IkF/wZns.
ECDSA key fingerprint is
MD5:6d:37:cb:12:41:10:6e:17:d3:45:ed:a2:df:b2:14:b5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.example.com' (ECDSA) to the list of
known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
We got an error indicating that we do not have SSH Keys added to GitLab user profile. In addition
to this, in your web browser, it gives you the same information.
Time to adjust GitLab configuration to make sure we can work with it. Use ssh-keygen command
to generate SSH Keys.
[root@gitlab ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <ENTER>
Enter passphrase (empty for no passphrase): <ENTER>
Enter same passphrase again: <ENTER>
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Fe4b+8a5y5wiZ/mummNxiRQa/Wdq9Il2UKL8IBXPYmE root@gitlab.example.com
The key's randomart image is:
+---[RSA 2048]----+
| .E.. |
| ..+=... |
| =o+=o |
| o.=++ o |
| oS=oO . |
| o O++ |
| =o+ . |
27
| +.=++. |
| .o*.*Xo |
+----[SHA256]-----+
This generates a pair of public and private keys that are being saved in the hidden “.ssh”
directory inside your user home folder.
[root@gitlab ~]# ls -l ~/.ssh/
total 12
-rw-------. 1 root root 1675 Sep 16 19:30 id_rsa
-rw-r--r--. 1 root root 405 Sep 16 19:30 id_rsa.pub
-rw-r--r--. 1 root root 180 Sep 16 19:27 known_hosts
In your Browser, navigate to GitLab Admin Settings by clicking on the icon at the top-right corner,
then click => Settings.
28
Finally, paste your public key from “/root/.ssh/id_rsa.pub” file to the “Key” text area and click
on “Add Key”.
29
Under “root” user, clone the “first_repo” one more time and see how it works
[root@gitlab ~]# git clone git@gitlab.example.com:root/first_repo.git
Cloning into 'first_repo'...
warning: You appear to have cloned an empty repository.
Perfect, our first GitLab repo is cloned and we are ready to move forward
Git basics
Let’s start with taking a look at Git Architecture and what we use in this book. It is okay that the
diagram below does not make much sense to you, if are looking at it for the first time. Do not
worry, you will be able to understand everything as we go through this book. When confused,
refer to this diagram, it will help you to understand what we are doing in the following labs.
30
Git architecture
The most common operations which performed while working with files under Git control are:
- add, delete, update files to the staging area
- commit files to the local repository
- Pushing, fetching and pulling changes while working with the central repository
- Rolling back the changes
31
-v, --verbose show diff in commit message template
32
You can see that README.md is under Untracked files. It basically means that we this file is
NOT under git version control.
Or
# On branch master
#
# Initial commit
#
# Changes to be committed:
# (use "git rm --cached <file>..." to unstage)
#
# new file: README.md
#
Now README.md appears under “Changes to be committed”. The “git add” command just
updates the repository index and prepares the content for next commit. At this point README.md
file is not saved to the repository on your PC yet.
Git status command tells us that there is nothing to commit because we just pushed README.md
to the local repository, it is still on our PC and not being pushed to the central repository yet,
gitlab.example.com in our case. Open your browser and navigate to
http://gitlab.example.com/root/first_repo. You won’t see any files listed in there.
33
Use git log command to verify the changes in our local repository.
[root@gitlab first_repo]# git log
commit bc58a6532c4139b6beb8c0110758dc356c96d54f
Author: root <root@gitlab.example.com>
Date: Sun Sep 16 19:47:55 2018 +0000
First Commit
That is absolutely normal, and in order to push the README.md file to our GitLab server you
need to run ‘git push’ command.
[root@gitlab first_repo]# git push
Counting objects: 3, done.
Writing objects: 100% (3/3), 238 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To git@gitlab.example.com:root/first_repo.git
* [new branch] master -> master
34
Perfect, we just made our first push to gitlab.example.com server. But there is still a lot more
things to learn.
35
# modified: README.md
#
no changes added to commit (use "git add" and/or "git commit -a")
You see that Git identified the changes in README.md, but these changes are not under version
control.
To apply the changes in the repo we need to run “git add” and “git commit” again.
[root@gitlab first_repo]# git add README.md
[root@gitlab first_repo]# git status
# On branch master
# Changes to be committed:
# (use "git reset HEAD <file>..." to unstage)
#
# modified: README.md
#
[root@gitlab first_repo]# git commit -m 'Second Commit'
[master ee46d78] Second Commit
1 file changed, 1 insertion(+)
Second Commit
commit bc58a6532c4139b6beb8c0110758dc356c96d54f
Author: root <root@gitlab.example.com>
Date: Sun Sep 16 19:47:55 2018 +0000
First Commit
Here you can see that git knows about the changes made to README.md. In our case, it says
that there were two commits with comments “First commit” and “README.md modified”. You can
also see who has done these changes and what time.
You can also check the list of files stored in your local repo with the following command
[root@gitlab first_repo]# git ls-files -s
100644 4acbdbe4e8d334035c9bb94cdf7a4c2ce945e7fb 0 README.md
36
Now let’s remove README.md from Working directory.
[root@gitlab first_repo]# rm -f README.md
[root@gitlab first_repo]# ls -l
total 0
README.md has been deleted from the Working directory and staging area (do not forget to
refer to “Git Architecture” diagram if confused), but it is still in your local git repo.
Run “git checkout” command to recover the file from local repository:
[root@gitlab first_repo]# git checkout -- README.md
[root@gitlab first_repo]# ls -l
total 4
-rw-r--r--. 1 root root 53 Sep 16 20:02 README.md
[root@gitlab first_repo]# cat README.md
This is our first project
README.me File is modified
As you can see README.md with all its content is back. Isn’t it cool?
37
Chrome, then open Firefox and register a new user filling out all required fields. Once you are
done, click Register button.
Create a new username: user with password: DevOps123. Click on Register and It should create
a new user, log you in and redirect to the main dashboard.
38
Quite similar to what we have seen when we logged in as root user. Since our first_repo
repository is public, this new user will be able to have read-only access to it.
Navigate to “Explore your public projects” -> Explore projects -> All. You should be able to
see first_repo we have recently created.
The same message at the top of the screen telling us that we won’t be able to pull or push repo
code until we add SSH keys.
39
Go back to CLI and ssh into gitlab VM using “vagrant ssh gitlab” if you happen to logout. Make
sure that you are in the directory where you have Vagrantfile for our project.
We need to generate SSH keys inside gitlab VM and upload them to GitLab “user” profile.
<OUTPUT OMITTED>
...
40
Copy and paste private keys to Key text-area, and then press Add key
41
Go back to vagrant VM CLI and clone this repo.
The new file is in there, let’s try to submit this new file to GitLab repo.
[user@gitlab first_repo]$ git add .; git commit -m 'creating user.txt file'; git push
…
<OUTPUT OMITTED>
…
GitLab: You are not allowed to push code to this project.
fatal: Could not read from remote repository.
42
Please make sure you have the correct access rights
and the repository exists.
Since first_repo was created by another user, by default all other users have read-only access
to this repository. Let’s go back to our repository under root user.
Login as root user to http://gitlab.example.com/ and navigate to Projects => Your projects =>
first_repo or simply paste “http://gitlab.example.com/root/first_repo” in your browser. And
from there to go Settings => Members.
43
Perfect, now your user should appear as a member of first_repo.
Go back to vagrant VM cli and try to push the changes one more time.
We can see that some data was pushed to first_repo at gitlab.example.com. Navigate back to
“http://gitlab.example.com/root/first_repo” and you should be able to see user.txt file to
appear over there.
44
Now you should be able to pull these changes to under root user running “git pull” command.
Exit out from vagrant VM, ssh into GitLab server and pull changes from GitLab Server VM.
[vagrant@gitlab ~]$ sudo -i
[root@gitlab ~]# cd first_repo/
[root@gitlab first_repo]# git pull
...
<OUTPUT OMITTED>
...
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 user.txt
Note: If you are redirected to an editor asking to enter a reason for merge request. Just type :wq
to exit the vi editor. Vi is an editor by default on all Linux distros and MacOS. And if you do not
have any experience with vi editor, it is going to be hard to deal with. Some people even reboot
their servers in order to get out of vi. This is how tough vi is. Use the power of Google if you got
lost at any point in time.
Check that you have both files pulled from first_repo repository.
[root@gitlab first_repo]# ls -l
total 4
-rw-r--r--. 1 root root 53 Sep 16 20:02 README.md
-rw-r--r--. 1 root root 0 Sep 16 20:19 user.txt
This what allows you to work hand-by-hand with your team members and share your work and
eventually work more efficiently. Whether you have a simple bash script, complex ansible
playbook or whole application is written in Python, you can share it with your colleagues. Or even
better, revise and update these script to do a better job.
We will work more with GitLab and you will see how it becomes one of your main DevOps tools.
45
Working with merge requests
We have seen how two people can collaborate together. In larger teams where we have software
development aspect, and this approach is not going to work well, because we will be required to
do such thing as code review, sanity checks, take care of repository structure and other related
tasks. And if we have, let’s say, 5-10 members in the first_repo, actively submitting different files
to the repo, it is going to be a total mess in a month timeframe. This is where we need to introduce
you to a concept of git branches and merge requests.
Let’s take a look at our git architecture diagram one more time and learn some new components
in there.
Git architecture
So far we have been working mostly in the working directory and everyone was happy. But
imagine that root developed a script that does something cool and uploaded it to first_repo.
46
Now imagine that vagrant VM user has taken a look at that script and thought that he can make
it better. So he pulled it from GiLlab repo and wants to change that script.
[root@gitlab first_repo]# su - user
Last login: Sun Sep 16 20:08:12 UTC 2018 on pts/0
[user@gitlab ~]$ cd first_repo/
[user@gitlab first_repo]$ git pull
...
<OUTPUT OMITTED>
...
create mode 100644 cool_script.sh
Note! We work under “user” account on the GitLab server
Git Branches
The way branches work is you switch to the exact clone of your repository and start making
changes in there. Once you are done you submit the changes back to the GitLab server in a
different branch and create a merge request. And whoever responsible for the repo is going to
review the code changes and going to approve, decline or comment on the changes you made.
Let’s see how it works in our case.
47
First, we need to switch to a new branch, let’s call it cool_script_changes. Verify that there is no
other branch with such name first
[user@gitlab first_repo]$ git branch
* master
Now create a new branch and switch to it using git branch and git checkout subcommands.
The asterisk (*) specifies the currently checked out branch of your working directory. Now let’s
switch to cool_script_changes branch.
[user@gitlab first_repo]$ git checkout cool_script_changes
Switched to branch 'cool_script_changes'
First, take a look at the content of cool_script.sh and verify that it has not been
changed since we have switched to the new branch.
[user@gitlab first_repo]$ cat cool_script.sh
echo root
Now we are ready to add, commit and push the changes back to gitlab in cool_script_changes
branch.
[user@gitlab first_repo]$ git add .
[user@gitlab first_repo]$ git commit -m 'I have modified your script and it
looks much better now'
[cool_script_changes 78031cd] I have modified your script and it looks much
better now
1 file changed, 1 insertion(+), 1 deletion(-)
48
[user@gitlab first_repo]$ git push origin cool_script_changes
Counting objects: 5, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 367 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote:
remote: To create a merge request for cool_script_changes, visit:
remote:
http://gitlab.example.com/root/first_repo/merge_requests/new?merge_request%
5Bsource_branch%5D=cool_script_changes
remote:
To git@gitlab.example.com:root/first_repo.git
* [new branch] cool_script_changes -> cool_script_changes
Note that we provided a special keyword origin following by the name of the new branch.
If we open http://gitlab.example.com/root/first_repo in our browsers where we were logged
under “user”, we should see that there is now a new branch called cool_script_changes.
It means that the changes in the GitLab and we can create a merge request. Click on Merge
requests on the sidebar and then New merge request.
49
Select first_repo and cool_script_changes in source branch block and first_repo and master
as Target branch. Finally, click on “Compare branches and continue”
Now let’s make a quick write up for root user and explain what we did with the script. You may
click on “Remove source branch when merge request is accepted” button, so when the
changes are accepted by root, the branch is automatically deleted. This is very convenient, so
you do not need to delete that branch yourself.
By doing this, we are basically asking first_repo owner to review the changes we made in the
script and give us some feedback. So If we login as root and go to
http://gitlab.example.com/root/first_repo we will be able to see that there is one new Merge
request on the sidebar.
50
Click on “I have modified your script and it looks much better now”.
From there you can see all the comments and all the changes that we main by clicking on
Changes tab next to Discussion and Commits. That will show you what exactly was changed.
Note: pipeline currently in the pending state. It’s going to change once we reach the integration
part with Jenkins.
51
If you think that there is something wrong with this new version of the script than you can click on
Discussion and make a comment stating your concerns. You can also confirm the changes in
the comment and finally click on Merge Immediately button.
This is just one of the use cases how you can use your GitLab with branches and merge requests.
In the reality there are hundreds or maybe even thousands of use cases.
52
Getting started with Jenkins
In this Chapter, we talk about Jenkins as the main CI/CD tool to automate your main tasks. We
admit that there is 1001 different tool available on the market which can help you to achieve your
final goal. But we have chosen Jenkins for its popularity, flexibility and openness to the Open
Source community. We have experience working with other tools, but Jenkins has proven to be
a problem solver for most of the challenges we have faced in our carrier.
About Jenkins `
So what is Jenkins and What is CI/CD? Let’s do one by one:
1. Jenkins is a simple yet powerful automation Server written in Java that uses Groovy
language to build Automation Pipelines. We give you enough examples later in this book
so you fully understand what it means and how to use it.
2. CI/CD - Continuous Integration / Continuous Delivery / Continuous Deployment - while it
sounds futuristic, CI/CD is an automated workflow on a high level.
In other words, Jenkins is a simple yet powerful scheduler, that makes our life 10 times easier
and you will see how and why later in this book.
Installing Jenkins
Installing Jenkins is very straightforward and does not take much time. Just follow the instruction
below and you have it up and running shortly.
First, we need to navigate to the GitHub repository we have cloned previously. The repo contains
a Vagrantfile which we described at the beginning of this book.
Start the Jenkins machine:
$ vagrant up jenkins
Bringing machine 'jenkins' up with 'virtualbox' provider…
…
<OUTPUT OMITTED>
53
…
jenkins: Complete!
Jenkins is written in Java and heavily dependent on it. So the first thing we need to do is to
install java development kit.
[root@jenkins ~]# yum install java-1.8.0-openjdk -y
…
<OUTPUT OMITTED>
…
Complete!
Install Jenkins repo and gpg keys, and then install Jenkins.
[root@jenkins ~]# curl http://pkg.jenkins-ci.org/redhat/jenkins.repo >
/etc/yum.repos.d/jenkins.repo
And finally, start Jenkins service and make it persistent throughout the reboots.
54
Verify that Jenkins service is running and listening on port 8080.
[root@jenkins ~]# curl localhost:8080
<html>
...
<OUTPUT OMITTED>
....
Authentication required
...
<OUTPUT OMITTED>
....
</body></html>
Great job. Now open your browser at “http://jenkins.example.com:8080/” and you should be
redirected to Jenkins initialization page.
Copy the password from the path above and paste into the “ Administrator password” text area
and press Continue.
[root@jenkins ~]# cat /var/lib/jenkins/secrets/initialAdminPassword
c713bfe0e3d74853b2df070b0f74dd7e
Jenkins has a concept of using different plugins to do the job. These plugins are written by the
Jenkins community and available at https://plugins.jenkins.io/. In our case, we install suggested
plugins to get started. Later in this book, we will learn how to install additional plugins with Jenkins.
Click on “Install Suggested Plugins” to proceed with the initialization.
55
It will start plugins installation process.
Once finished you will be redirected to the user creation page. Create a user named “jenkins” as
on the picture below and click “Save and Continue”.
56
Note: It is also a common practice to create “admin” user first. But it can be anything else. In our
case, we use “jenkins” as our first user.
57
Then click on Start using Jenkins.
58
Pipelines overview
As we mentioned before, Jenkins works mainly with pipelines. And a pipeline is just a sequence
of steps that are executed in a specific order. It is a workflow like shown below:
Imagine that you need to automate the process of uploading and applying configuration settings
to a set of servers or networking devices. Or another scenario where you want to add a new
server, VM or networking device. One more example, if you need to deliver application from
source code to production systems where only RPM changes are allowed. How would you do it
without Jenkins? We can see two options here:
1. Do it all manually, meaning that you need to develop the configuration files or settings and
apply them one by one verifying that it all works as expected.
2. Another option is to develop one or a set of scripts to do the same job.
The second option, of course, is preferred and you do not need Jenkins for this. And you can
execute these scripts one by one to do the job.
This is where Jenkins comes into the picture. Jenkins will take all these scripts, form a workflow
and run them in the order you specify. And when you have new configuration available, or a new
device in your network. Jenkins will start the pipeline and provision, configure and deploy and
configure it automatically. Isn’t this great? And this is what we will teach you.
59
Type “pipeline1” in pipeline text area and choose Pipeline, and click OK. We are not interested
in all other options in this book, simply because they are not that popular in comparison to
Pipeline.
That will redirect you to pipeline1 settings. There is a lot of settings, but you may safely ignore
them for now. We cover some of them as we go.
Scroll all the way down to Pipeline section, click on “try sample Pipeline...”, choose “Hello
World” and click “Save”.
60
And your first pipeline is created. It was not that hard, right? Now start your pipeline clicking on
“Build now”.
Once you start your first build, you should be able to see a new build appeared in Build History
on the mid-left side of the screen.
You are also going to see the warning message telling that we need to define stage step in the
Pipeline. We will talk about this more in a moment. For now, click on the #1 in the build history.
61
Take a look at the pipeline sidebar and its different options, we are going to use them later in
this chapter.
If you examine output, you see “Hello World” message that was generated by our example
pipeline. Before we build something cool that you can actually use in real life, we need to learn
Groovy. Groovy is a scripting language that Jenkins Pipelines are using to build a workflow.
Groovy - Basics
The Groovy scripting language is the very essential piece of Jenkins automation. Whether you
want to make a simple-to-use one-step-pipeline or a complex 100+ steps pipeline running different
tasks on different machines, you use Groovy. If you are new to Groovy, no worries, you will learn
Jenkins pipeline syntax with Groovy step by step.
There are two ways to describe write Jenkins pipelines. Using Scripted and Declarative syntax.
Declarative syntax is rather new and not widely used yet, that is why we focus on Scripted
syntax. Just to give you an idea about the difference between both syntaxes, let’s take a look at
the simple
62
Scripting syntax Declarative syntax
node { pipeline {
stage('Hello') { agent any
echo “Hello World” stages {
}
stage(“Hello”) {
}
steps {
sh "echo Hello World"
}
}
}
}
You can see the difference between just looking at these simple pipelines. Now imagine that your
pipeline consist of 50+ steps and even more conditions. This complexity will multiply by the
number of steps, stages and different condition you have.
As you may notice, Jenkins pipeline is hierarchical, structured and described within curly braces
{ }. It is hard to keep track of all this hierarchy when you have a complex pipeline, so we
recommend you to use a code editor such as Atom or Visual Studio Code. They highlight code
syntax. Here is how the same code below looks like with Visual Studio Code.
It looks much nicer and you can actually keep track of nested braces { } and not being lost while
building your pipeline.
Note! You can download Visual Studio Code from https://code.visualstudio.com/download. You
will be required to install groovy syntax plugin, but that is out of the scope of this book.
Node
Going back to scripted syntax. From the example above you can see that our very first block is
called node. The node block describes where Jenkins is going to run this pipeline. By default,
Jenkins server is being used and it’s called master node.
In our case, two examples above are the same.
63
This helps when we have a lot of tests or we need to distribute the workload between several
Jenkins nodes that may be located in different places. For example, when you have several Data
Center, you would want to jobs to be locally executed within a Data Center. Node is usually at the
highest level of the hierarchy, but not always.
Stage
node usually consists of one or several stages, for example, build, configure, test, deploy. Each
stage can have more steps. Let’s build our first pipeline where we add a new switch or server to
our network. First, we need to identify the steps.
Let’s create a set of stages at a high level and define in the pipeline. We came up with 6 main
stages in this project.
node('master') {
stage('Detect') {
}
stage('Build') {
}
stage('Configure') {
}
stage('Test') {
}
stage('Deploy') {
}
stage('Finalize') {
}
}
Note that stage names are completely arbitrary, meaning you can name them as you are willing
to.
Complex pipelines may need to execute different stages in different locations. In that case, a
stage will be the parent object.
Step
Each stage has one or more steps. Let’s fill every stage with a set of steps using Jenkins pipeline
built-in echo command. As you may have guessed it echoes some message to pipeline output.
This is a perfect tool to make a placeholder for pipeline stages.
64
Navigate back to Job Configuration at http://jenkins.example.com:8080/job/pipeline1/configure
and update our pipeline with the following content.
node('master') {
stage('Detect') {
echo "Detect a new switch in the network"
echo "Check DHCP leases for a new IP address from a pool of management IPs"
echo "use SNMP or ssh with default credentials to get switch/server info"
}
stage('Build') {
echo "Generate switch/server configuration using jinja2 templates"
echo "Run syntax checks and lint tests"
}
stage('Configure') {
echo "Upload configuration files"
echo "Install required packages"
}
stage('Test') {
echo "Run smoke tests"
echo "Run functionality tests"
echo "Run regression tests"
echo "Run compatibility tests"
}
stage('Deploy') {
echo "Update device inventory"
echo "Add device to monitoring tool, security center and syslog server"
}
stage('Finalize') {
echo "Create a PDF report based on the pipeline workflow and its results"
echo "Send an email, text and message to Slack to notify the interested
parties"
}
}
It looks much better now. It’s time to test it out. Open your browser at
http://jenkins.example.com:8080/job/pipeline1/ and click Build Now.
65
As a result, you should be able to see the pipeline represented in graphical format.
These are the steps we have just defined.
You can check build logs by clicking on build number. In our case #2 and then Console Output.
That will show the fully consolidated log for this build.
66
Executing shell scripts using “sh”
This is all good, but echo command does not really do anything. We can fix it with pipeline sh.
Sh runs commands you specify in the Linux shell. It can be pretty much anything, whether you
want to run ping command, or get information from the file, or even run bash or ansible-playbook,
sh command is to the rescue. It makes automation simple and elegant.
67
Now you can replace all the echo and sh commands with the scripts that you may already have
as a part of your day-to-day job. If you do not have any, it is going to be a good exercise to develop
them and see how Jenkins Pipelines make your job easier.
Input
Another basic command that we want to show you is input. The purpose of this command is to
stop pipeline execution and wait for user input. In our example, we inject Approval stage in
between Test and Deploy stages. The purpose of it is to review all the logs and make sure that
our Jenkins pipeline works as expected and all the scripts passed executed and gave us positive
results.
...
stage('Test') {
echo "Run smoke tests"
echo "Run functionality tests"
echo "Run regression tests"
68
echo "Run compatibility tests"
}
stage('Approval') {
input "Please check if we are good to go before we push into production."
}
stage('Deploy') {
echo "Update device inventory"
echo "Add a device to monitoring tool, security center, and syslog server"
}
...
Once build is started you should be able to see Approval stage appeared in the pipeline workflow.
It is waiting for our Approval to proceed further.
69
Before we do that, navigate to pipeline output and verify that we have our scripts executed and
working properly with no unexpected behavior.
Note that you can also move forward by clicking Proceed. Once you Approve the stage.
70
Go back to by clicking on “Back to Project” in the top-left corner of the screen.
Take a look at the pipeline. You should be able to see Approval stage in between Test and
Deploy stages.
You will learn more about pipeline syntax in the following section.
71
Variables
Quite often we need to work with dynamic data in Jenkins and variables are very useful in this
way. Let’s take a look at the example where we need to run a simple pipeline. And at the end of
the pipeline, we need to create a file and put there date and time the job was started and finished.
And it has to be done only if the pipeline was approved. The best way to do that is going to be
using variables. Creating a variable is easy. Usually, the following structure is being used:
<variable> = <value>
This command creates a variable called “var1” with a value of “value1”. There is not much that
we can do with this because this value is static and we can just use “value1” directly.
Instead of this, we will run “date” command and store its value in a variable that we can later use.
We will also create a variable called timedate_start and timedate_end and store the results in
different variables. There is a caveat though, we will need to access specific sh parameter called
“returnStdout” and set its value to true. This will slightly change the syntax.
timedate_start = sh script:"date", returnStdout:true
We do not discuss all the different attributes at this moment, but we will get back to this topic later
in this book.
Next step is to access the data stored in timedate variable. In different situations, we use different
ways to extract the data from variables. In this case, we use the following structure
“${VARIABLE}”. In our case it looks like the following:
echo "${timedate}"
Note: double quotes are required and it won’t work with single quotes or without them.
Let’s see this in action. We modify our pipeline to make it shorter and easier to understand.
node('master') {
stage('Detect') {
// Making timestamp at the beginning of the job.
timedate_start = sh script:"date",returnStdout:true
72
input "Please check if we are good to go before we push in to production."
}
stage('Finalize') {
// There are placeholders for real tasks
echo "Create a PDF report based on the pipeline workflow and its results"
echo "Send an email, text, and message to Slack to notify the interested
parties"
Note: double forward-slashes (//) are using to make comments in the code. It is a best practice
to explain your code as you work on it. In the future, it will help you to avoid confusions and allow
others to use your work.
Save the results and start the build. Once you approve it, then navigate to build logs and check
the results. You should see the following:
You see that the job started at 00:37:12 and ended 7 seconds later. You can achieve great things
with variables and we use variables more and more as we go.
Functions
Next important topic is a function. The main purpose of a function is to make your code reusable
and more readable.
73
For example, you want to send messages to your Slack channel and notify project users on the
progress. Before we jump into building notification with slack, we need to discuss how to build a
function. Function usually has the following structure:
def <function_name>(<parameter1>,<parameter2>,...) {
<place your code here>
}
It’s confusing we know, so let’s replace it with the actual example, see how it works and then
figure out how it works step by step.
Example1:
def run_ls() {
ls = sh script:"ls -l /",returnStdout:true
echo "${ls}"
}
Function definition starts with def (short for define), following by function name and round braces
(). Round braces are used to define parameters. We work with parameters in just a moment. The
last and final part is function body enclosed with curly braces { }, where we define our code for
the function. So the structure is very easy.
To execute/call this function we just need to specify its name with round braces run_ls(). Round
braces () basically tell Jenkins that run_ls is a function with no parameters.
Let’s update our pipeline to use this new function we have just created.
def run_ls() {
ls = sh script:"ls -l /",returnStdout:true
echo "${ls}"
}
node('master') {
stage('Init') {
// Making timestamp at the beginning of the job.
timedate_start = sh script:"date",returnStdout:true
run_ls()
}
stage('Finalize') {
// Taking timestamp at the end of the job
timedate_end = sh script:"date",returnStdout:true
74
}
Save the changes in Jenkins pipeline, run the job and check Console Output.
Good, now we can call this function at any point in the pipeline workflow. There is a problem
though.
Whenever we call run_ls() we end up seeing the content of the / directory with the same ls
options. What can we do to change this behavior? Function parameters to the rescue. We will
modify run_ls() function and add two parameters, one of them is going to represent ls command
options and another is going to represent one or more arguments.
Note: Linux command syntax usually looks like command option argument, where:
● Command - executable (ls, cd, echo, kill, etc)
● Option - changes command behavior and starts with one or two dashes (-) e.g. -l -a
● Argument - something command operates on, e.g /tmp ~ /var/log
75
ls = sh script:"ls ${options} ${arguments}",returnStdout:true
echo "${ls}"
}
node('master') {
stage('Init') {
// Making timestamp at the beginning of the job.
timedate_start = sh script:"date",returnStdout:true
// checking /tmp directory content
run_ls('-l','/tmp')
}
stage('Finalize') {
// Taking timestamp at the end of the job
timedate_end = sh script:"date",returnStdout:true
In this example, we are calling run_ls('-l','/tmp') function and specifying two parameters
separated by comma (,). These two parameters are passed to the function we defined at the very
beginning and they become variables within this run_ls() function. This will be equal to:
options = “ls -l”, arguments = “/tmp”. And then we are using these variables in sh command.
Now save the pipeline, start the build and check Console Output.
76
This is just perfect. Exactly what we wanted to see. And our code is clean and reusable. Perfect!
Now we are ready to write something really cool that will help you on a daily basis. We will write
a function that does an API call to Slack and sends the progress on our pipeline progress.
Slack is a popular online messenger. You can learn more at https://slack.com/.
Before we create a function that sends a message to the Slack channel, we need to create a new
workspace and generate API token. Navigate to https://slack.com/create and create your slack
workspace. First, you will need to provide your valid email and click Next
77
Set your password.
78
On the following step press “Skip For Now”
On the following step click on “continue in browser”. You can Download slack for your platform
as well, but this is not necessary.
It is going to redirect you to your workspace and start the tutorial. You may skip tutorial it if you
want. That is what we did in any case.
Now we have our first channel up and running and ready to generate API token and make our
first API call with Jenkins. Leave this browser tab open, we will need it later.
79
In the pop-up menu name your App and choose group we specified earlier.
The next step is to enable incoming hooks. We use hooks more often with different applications
Including Jenkins and GitLab later in the book.
Authorize the App we have created to post #general channel in our Slack workspace.
80
Finally we will have our API token Generated.
Copy the test Url and put it to Vagrant VM cli to check that we can now communicate with Slack.
# curl -X POST -H 'Content-type: application/json' --data '{"text":"Hello, World!"}'
https://hooks.slack.com/services/TBXGELZMM/BBXR2NS0N/1Xvox150V1ke83TW0YBde
m68
Note: that you will be given a URL with a different token when you create your slack app.
Go back to slack channel you are created, You should be able to see the test message.
Hooray, you just made an API call. It is time to integrate it with Jenkins. Create a new function
and then update pipeline to send messages on pipeline progress.
81
}
def slack_notification(step) {
progress = '='*(25*step)
// YOU WILL HAVE TO USE YOUR OWN TOKEN IN URL BELOW
sh """curl -X POST -H 'Content-type: application/json' --data '{"text":" Job
progress: ${progress} ${25*step}%"}'
https://hooks.slack.com/services/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"""
}
node('master') {
stage('Init') {
// Making timestamp at the beginning of the job.
timedate_start = sh script:"date",returnStdout:true
// checking /tmp directory content
run_ls('-l','/tmp')
82
slack_notification(4)
}
}
We defined a function called slack_notification() that takes one parameter called step and then
it just makes an API call with slack.com to send a custom message. Save this code in our Jenkins
job, start the build and navigate back to the Slack workspace you have created.
Now you can invite your friends or colleagues to your slack workspace and start building great
automation tools and work together.
node('master') {
stage('Init') {
// Sending pipeline progress to slack
response = slack_notification('We are at Init stage')
echo "${response}"
}
}
You can see that we have a special keyword “return” within a function. It returns a value of
variable “result” back to where we call this function. And we are calling this function and storing
its result in “response” variable. And then we can do whatever we want with the results.
Now save the pipeline, start the build and check Console Output.
83
For loops
Loops are one of the essential components of every programming or scripting language, and
groovy is not an exception. What is the use case you may ask? The simplest one would be to
update a configuration on all your devices in the network. We need to create a simple pipeline
that simulates this behavior. There are several ways how you can construct a for loop in Jenkins.
Let’s take a look at these examples, so you can pick the one you like and use that structure
throughout the book.
Option 1:
// Define a list of hosts to work with
list_of_hosts = ['1.1.1.1','8.8.8.8','google.com','redhat.com','cisco.com']
for(host in list_of_hosts) {
sh "ping -c3 ${host}"
}
This option syntax is quite easy to understand. We have a list of hosts and we want to iterate over
it and just ping every host in that list. The syntax of this for loop is close to a function syntax thus
the easiest to understand. It basically says, “ For every host in list_of_hosts ping that host.
Option 2:
// Define a list of hosts to work with
list_of_hosts = ['1.1.1.1','8.8.8.8','google.com','redhat.com','cisco.com']
Option 2 has slightly different syntax, that is easy to understand but hard to remember especially
with all these arrows ->.
84
Option 3:
// Define a list of hosts to work with
list_of_hosts = ['1.1.1.1','8.8.8.8','google.com','redhat.com','cisco.com']
Another option that is easy to understand, and close to Option 1, to the exception that we have
this “String” statement that puts a lot of people to confusion if you have no prior experience with
Java.
Option 4:
// Define a list of hosts to work with
list_of_hosts = ['1.1.1.1','8.8.8.8','google.com','redhat.com','cisco.com']
This is the most flexible way. It has a C language syntax to form a for-loop. This may be difficult
to understand if you’ve just started learning programming languages.
This is why we stick with Option 1, but if you are comfortable with Other options, feel free to use
them.
node('master') {
stage('Start') {
// pinging every host in the list
for(host in list_of_hosts) {
sh "ping -c3 ${host}"
}
}
stage('Finish') {
// Generating a new message for every host.
for(host in list_of_hosts) {
85
sh "echo This message is generated for: ${host}"
}
}
}
Save the pipeline, start the build and check Console Output.
In the Start stage, we are running ping command for all the hosts in the list.
And in the Finish stage, we generating messages for the same hosts.
This pipeline does a great job automating routine tasks when you need to work with a large
number of devices. But if one of the hosts is going to be unavailable, then everything breaks. How
do we fix it? This is where error handling with try, catch, finally comes handy.
86
Try, catch, finally
The concept of try, catch, finally is not new as well and quite often used in conjunction with for
loops and if, else statements that we cover in the following section. The structure of try, catch,
finally is similar to what we have seen already:
try {
<INSERT YOUR CODE HERE>
} catch ( err ) {
<INSERT YOUR CODE HERE>
} finally {
<INSERT YOUR CODE HERE>
}
Note: catch and finally blocks are optional.
Save this code in our Jenkins job, start the build and check Console Output.
In this example only try and finally blocks are being executed because there are no errors. Let’s
update the code to simulate the failure.
node('master') {
stage('try_catch_fin') {
try {
// simulating error
sh "false"
87
} catch ( err ) {
echo "If an error is caught this block, this block is executed "
} finally {
echo "This code is executed always"
}
}
}
In this output, we can see that the error is caught in try block, and then catch block is executed,
and then finally block is executed in any case. This helps to handle any errors and change your
code behavior.
88
Save this code, run the build and go to Console Output.
Sometimes it is required to handle complex conditions. This can be achieved by “if-else”. The
full syntax of it looks like below:
If ( condition) {
<INSERT YOUR CODE HERE>
} else if (condition) {
<INSERT YOUR CODE HERE>
} else {
<INSERT YOUR CODE HERE>
}
Note: “else if” and “else” blocks are optional
89
}
You see it says “ping to host was successful” because ping command returned status code 0,
which means that the command ran successfully with no errors. Change google.com to something
that does not exist (e.g. google1.com) and run the pipeline one more time. You should see the
following.
node('master') {
stage('if_else') {
for(host in list_of_hosts) {
status = sh script:"ping -c3 ${host}",returnStatus:true
if (status == 0) {
echo "ping to ${host} was successful"
} else if (status == 1) {
echo "ping to ${host} was NOT successful"
} else {
90
echo "There was some other error while pinging ${host}. Exit status
code: ${status}"
}
}
}
}
See that different hosts are getting different results and if else conditional statements are working
properly.
91
Switch case
There is another way how to make conditional statements like if else. It is called switch case
which in many cases better than if else statements. We are not going to deep dive into the
difference on a low level, but rather show you how it works.
The syntax is very straightforward. In the beginning, we store variable or value inside round
braces () of switch statement, and then we check if that value matches the conditions or values
in case statements. If there is a match, the code inside the curly braces is executed, if there is
no match, then default statement is executed.
In this example, we are matching “just_a_string” value inside switch statement with all the
values inside the case statements, and since there is no match, then default statement is being
used. Check out the Console Output once you save and run this code in Jenkins.
92
Check how it works with for loop statement.
for(host in list_of_hosts) {
switch (host) {
case '1.1.1.1':
echo "It is an IP address"
break
case ['cisco.com','juniper.net']:
echo "It is cisco.com or juniper.net"
break
default:
echo "It is something else"
break
}
}
Here we define a for loop statement that evaluates every element in the list list_of_hosts
against the values inside of case statements. Console Output shows us the following.
Though it is quite easy to use switch case statements, still if else statement is predominant in
conditionals in pretty much any programming or scripting language out there.
93
Retry
Retry is a good option when you want to run some specific step or the whole stage several times
before you consider it failed. It is quite useful when you are using unreliable links to execute some
commands, or you are making an API call to a system that fails from time to time for an unknown
reason (in most of the cases it means that their code suck, but no one never admits that). The
structure of retry statement is quite simple.
First, create a simple pipeline that has a 33% chance to fail while running.
// doing some magic to enable randomizer
Random rand = new Random()
my_list = [true,true,false]
node('master') {
stage('no_retry') {
for(host in list_of_hosts) {
index = rand.nextInt(3)
echo "Checking ${host}"
sh "${my_list[index]}"
echo "${host} is alive"
}
}
}
94
Note: Since there is a 33% chance to fail, you may have the completely different result. In my
case, I was extremely lucky to get 4 true results in a row.
node('master') {
stage('retry') {
for(host in list_of_hosts) {
// injecting retry
95
retry(5) {
index = rand.nextInt(3)
echo "Checking ${host}"
sh "${my_list[index]}"
echo "${host} is alive"
}
}
}
}
Once we got a false, retry automatically tries to return the code in curly braces { } for the number
of times we specify in the round braces ( ).
96
Parallel
So far we did all the works in a serial manner, which means that all the steps in any stage are
going to be executed one after another. But sometimes we need to run several steps or stages in
parallel. One of the examples is in testing environments you need to run traffic generator and
check devices under the tests for specific output simultaneously. This is where parallel plays a
great role. The syntax of parallel statement is easy to understand.
parallel(
<stage_name>: {
<PLACE YOUR CODE HERE>
},
<stage_name>: {
<PLACE YOUR CODE HERE>
}
)
In the pipeline below we run ping commands in parallel. The first section is going to run one ping
command for 10 seconds, and another section is going to run 5 ping commands for ~2 seconds
each.
list_of_hosts = ['1.1.1.1','8.8.8.8','google.com','redhat.com','cisco.com']
node('master') {
stage('parallel') {
parallel(
'generate some traffic': {
sh "ping -c 10 8.8.8.8"
},
'running tests': {
for(host in list_of_hosts) {
sh "ping -c 2 ${host}"
}
)
}
}
If we would be running these both sections in sequence, the total time would be ~20sec.
In our case, the whole job takes 10 seconds.
97
Though in the job logs we see that a summary is more than 10sec.
Using a different combination of pipeline advanced syntax, you will be able to cover 75% of all
the tasks in your day to day DevOps routine. So, where do you get the rest 25%? We are going
to leave this for the books we are about to release because it goes beyond the basic and
advanced techniques.
Configuring Jenkins
We know how to create and write powerful pipelines in Jenkins, but we have not touch Jenkins
configuration at all. In this section we work with Jenkins Plugins, learn how to add users, and
create new slaves.
Installing plugins
Jenkins is a powerful CI/CD tool that is being widely used all around the globe. While, in our
opinion, the software itself is purely written, full of bugs and features, and does not have a
comprehensive documentation, it’s still being the most popular CI/CD tool in the world. It is all
because of Jenkins community support and thousands of plugins available. Jenkins has plugins
for pretty much everything you could imagine. And if there is no plugin you are looking for, you
can always write your own. Jenkins plugins are written in Java, so this is required, but it is never
too late to learn something new.
We are not going to teach you how to write plugins because it would be way too advanced, but
rather show you how to install and use some of the plugins we use in this book.
Installing the plugins is actually the easiest part of all when it comes to Jenkins. Our very first
plugin is going to be a one-click installation and going to bring huge Jenkins user experience, and
you will see why in a moment. First.
From the Jenkins dashboard at http://jenkins.example.com:8080/, navigate to “Manage Jenkins”
98
And then go to “Manage plugins”
Updates
On the tab called Updates, we can select and update currently installed plugins to the latest
version. But do not run to update all your plugins if there is a new release available. A lot of these
plugins are written by the community and have dependencies. So there is no guarantee that the
update will work better. Luckily, we can rollback an upgrade, we are going to talk about this in a
bit.
99
Before you update any installed plugin, always check plugin changelog and release notes. You
can do that by clicking on the plugin name. That will redirect you to the plugin page.
If it happens that you install a plugin and it does not work as expected or break something up,
you can rollback to the old version on the Installed tab.
Available
You can install all the plugins here. There is a quite a lot of plugins available, over 1500 at the
time of writing this book. How do we find the plugin you need? We can use filter text area to
narrow down your search or you can go to https://plugins.jenkins.io/ and search a plugin by using
different criteria available for you.
100
We need to install a couple of plugins, we were able to find one by using filter text area in Plugin
Manager and another use by sorting by the relevance in user interface plugins.
Once you select both plugins, click on Download now and install after restart. You will be
redirected to the installation progress page. Scroll all the way down and select Restart Jenkins
when installation is complete and no jobs are running.
Wait for Jenkins to reboot and come back to the operational state.
101
Blue Ocean is the most popular Jenkins user experience plugin and GitLab plugin is a plugin that
allows smooth integration with GitLab that we integrate within the next Chapter.
First, let us show you the difference between Standard and Blue Ocean views. Navigate back
to Jenkins dashboard at http://jenkins.example.com:8080/ and click on Open Blue Ocean.
We have only one pipeline so far. Now click on pipeline1. That will redirect you to pipeline1 jobs
history.
What an improvement compared to the standard view. On this page, we can see the Jenkins jobs
summary. Click on the very top one. This should be the job where we used parallel statement.
102
It looks way better than Standard view and increases user experience.
Blue Ocean plugin is very powerful, and it can be a separate book written just on Blue Ocean. So
we are not going to cover all the functionality, but rather show you the power of Jenkins plugins.
You can just click on this icon and that will get you back to the standard view.
We are also going to cover gitlab plugin configuration and integration pieces in the following
Chapter.
Installed
Go back to the Plugin Manager at http://jenkins.example.com:8080/pluginManager/ and choose
Installed tab. This is where you will be able to see all the plugin installed on this Jenkins server.
You can also disable and uninstall the plugins from here, and sometimes you can downgrade
plugins to previous versions if there is a need.
103
You can see that some plugins you can disable, and some of them you can not. The reason being
is that some plugins have dependants, meaning that some plugins are dependant on this plugin
and you will need to uninstall them first. You can hover the mouse cursor over the checkbox and
hold it for a couple of seconds before the help box appears on the screen.
104
That will give you a simple Jenkins user registration page. Create a user called gitlab filling all
the fields and press Create User. Use “DevOps123” as password.
Now we can log out and login as gitlab user to verify the credentials. Press log out at the top-
right side of the screen.
By default, there is no difference between users in Jenkins. They all have full control over Jenkins
server. You can verify this by navigating to Manage Jenkins from the home page at
http://jenkins.example.com:8080/ and then choosing Configure Global Security.
105
You will see plenty of settings, but the default ones are to use Jenkins’ own user database and
Logged-in users can do anything.
Jenkins security goes beyond the scope of this book, and we will cover this topic in our future books and
video classes.
106
Jenkins and GitLab API
This chapter explains how to work with GitLab and Jenkins APIs.We encourage you to study this
Chapter, though you may skip it if it is not a subject of interest for you. This chapter allows you to
understand Jenkins or GitLab better on a low level.
Why API?
Most of the modern applications provide HTTP-based APIs which allow communicating with
application programmatically. It allows creating a Python-based application or even a simple bash
script which will trigger Jobs in Jenkins or create/delete GitLab entities. API is a simple way of
software integration. We are not going to cover everything, but rather give you a basic level
knowledge which you can use in your current or future projects to build something awesome.
You can also access API using different tools and script languages. Curl is one of the simplest
ways to send and receive data via HTTP/HTTPS.
The curl utility supports GET, POST, PUT and DELETE request types which are leveraged by
GitLab and Jenkins APIs to manage entities. Usually, we use GET to receive information, POST
update and create entries and DELETE to delete an entity. Curl sets request type to GET by
default (if no HTTP methods are provided). The following examples are equivalents:
$ curl http://gitlab.example.com/api/v4/projects
$ curl -X GET http://gitlab.example.com/api/v4/projects
107
Both GitLab and Jenkins accept and return JSON objects. The output above is quite difficult to
follow. For this reason, we recommend using json.tool python method to display output in a
human-readable format like shown below:
[vagrant@jenkins ~]$ curl http://gitlab.example.com/api/v4/projects |
python -m json.tool
% Total % Received % Xferd Average Speed Time Time Time
Current
Dload Upload Total Spent Left
Speed
100 716 100 716 0 0 11866 0 --:--:-- --:--:-- --:--:--
11933
[
{
"avatar_url": null,
"created_at": "2018-09-16T19:21:50.385Z",
"default_branch": "master",
"description": "The first GitLab Repo",
<OUTPUT OMITTED>
"web_url": "http://gitlab.example.com/root/first_repo"
}
]
Now data is sorted and readable. Note that json.tool doesn’t change the data, it rather
represents json objects properly using indentations which is more appealing for a human eye.
The example above is well formatted but still contains some unwanted data - curl download
statistics. You can remove that by using “--silent” curl option:
$ curl --silent http://gitlab.example.com/api/v4/projects | python -m
json.tool
[
{
"avatar_url": null,
"created_at": "2018-09-16T19:21:50.385Z",
"default_branch": "master",
"description": "The first GitLab Repo",
<OUTPUT OMITTED>
"web_url": "http://gitlab.example.com/root/first_repo"
}
]
So, now the output is well formatted and doesn’t contain any unwanted information. We will use
option “curl --silent” in all examples to avoid showing curl download statistics.
Sometimes, we need to understand HTTP return code as well as some other important debug
information. This is available using “--verbose” curl option:
108
$ curl --silent --verbose http://gitlab.example.com/api/v4/users
* Trying 172.24.0.11...
* TCP_NODELAY set
* Connected to gitlab.example.com (172.24.0.11) port 80 (#0)
> GET /api/v4/users HTTP/1.1
> Host: gitlab.example.com
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Server: nginx
<OUTPUT OMITTED>
<
* Connection #0 to host gitlab.example.com left intact
{"message":"403 Forbidden - Not authorized to access /api/v4/users"}
Note: The example above returns 403 Forbidden - Not Authorized.
109
Note: python -m json.tool is not required anymore since jq formats output properly.
The “jq” utility allows to perform JSON queries and access only data items we need. This great
feature treats JSON as a database and asks you to write a query to access data items. For
example, if we need only ssh_url_to_repo property, we may access it using the following example:
$ curl --silent http://gitlab.example.com/api/v4/projects | jq
".[0].ssh_url_to_repo"
"git@gitlab.example.com:root/first_repo.git"
Do not memorize jq syntax, but rather try to understand the way it works. In short, it is similar to
how you would parse lists and dictionaries in python, using index numbers and key names. Check
jq documentation for more: https://stedolan.github.io/jq/tutorial/
GitLab API
GitLab comes with well-described API which allows performing all activities related to GitLab
repository management. You can always refer to “https://docs.gitlab.com/ce/api/” or
https://docs.gitlab.com/ee/api/ (depending on GitLab version) to have the latest API
documentation.
110
GitLab exposes an HTTP-based API which is usually accessible via “/api/v4/<ENTITY TYPE>”,
where “v4” is the currently supported API version.
Authentication
Most API requests require authentication, or will only return public data when authentication
is not provided. For those cases where it is not required, this will be mentioned in the
documentation for each individual endpoint. For example, the /projects/endpoint.
There are a few GitLab authentication methods. We will be using personal access tokens
which is the most simple way to access GitLab API objects.
A token is a string which stores sets of characters (for example, “9koXpg98eAheJpvBs5tK”).
This string can be used to perform authentication.
Note: token IS NOT a password. You still need a password to access GitLab UI but you may
use token to work with API directly.
First, you need to access GitLab UI using your working account. We want to perform API
activities using the root account. Once you are logged in, click on the user icon on the top
right corner.
In the “Personal Access Tokens” window gives a new token a name and specify scope “api”
and press “Create personal access token”.
111
Once you clicked on “Create personal access token” GitLab shows the token on the screen.
Don’t forget to store it somewhere since there will be no possibilities to access it again. In our
example, “1X-TyHMnB5WFGdDxpwmr” is our personal access token for the user “root”.
Now we have the root personal access token. First, access some data available only for
GitLab administrators without using token:
$ curl --silent http://gitlab.example.com/api/v4/users
{"message":"403 Forbidden - Not authorized to access /api/v4/users"}
This is an expected output because an unauthorized user is not allowed to access GitLab
user information for security reasons.
Previously, we created a GitLab token. Now we can use it to access user information. There
are 2 types how we can pass access token to GitLab:
● As part of URL
● As part of Headers
112
"avatar_url":
"https://www.gravatar.com/avatar/b58996c504c5638798eb6b511e6f49af?s=80&d=id
enticon",
"bio": null,
"can_create_group": true,
...
<OUTPUT OMITTED>
...
Note: User “root” is a GitLab administrator. Once it is authentication against API, all
information will be accessible using API. As you can see now, curl returned some information
about users which tells us that token worked fine.
It worked again! All next examples will use private access tokens to work with API.
GET Access one or more resources and return the result as JSON.
POST Return 201 Created if the resource is successfully created and return
the newly created resource as JSON.
113
Refer to the official GitLab documentation for the full list of status codes at
https://docs.gitlab.com/ee/api/#status-codes
List projects
Using the root private access token we may receive full project information using
“/api/v4/projects” API url.
$ curl --silent --header "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects | jq
[
{
"_links": {
"events": "http://gitlab.example.com/api/v4/projects/1/events",
"issues": "http://gitlab.example.com/api/v4/projects/1/issues",
"labels": "http://gitlab.example.com/api/v4/projects/1/labels",
"members":
"http://gitlab.example.com/api/v4/projects/1/members",
"merge_requests":
"http://gitlab.example.com/api/v4/projects/1/merge_requests",
"repo_branches":
"http://gitlab.example.com/api/v4/projects/1/repository/branches",
"self": "http://gitlab.example.com/api/v4/projects/1"
},
...
<OUTPUT OMITTED>
...
"printing_merge_request_link_enabled": true,
"public_jobs": true,
"readme_url":
"http://gitlab.example.com/root/first_repo/blob/master/README.md",
"request_access_enabled": false,
"resolve_outdated_diff_discussions": false,
"shared_runners_enabled": true,
"shared_with_groups": [],
"snippets_enabled": true,
"ssh_url_to_repo": "git@gitlab.example.com:root/first_repo.git",
"star_count": 0,
"tag_list": [],
"visibility": "public",
"web_url": "http://gitlab.example.com/root/first_repo",
114
"wiki_enabled": true
}
]
The output contains a list of projects. Each project has a number of properties. The data structure
looks like the following:
[
{
“property1”: “value1”,
“property2”: “value2”,
“property3”: “value3”,
<OTHER PROPERTIES>
},
{
“property1”: “value1”,
“property2”: “value2”,
“property3”: “value3”,
<OTHER PROPERTIES>
}
]
In order to display properties using jq, we can use project id and name:
$ curl --silent -X GET --header "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects | jq ".[] | { id, name}"
{
"id": 1,
"name": "first_repo"
}
Note! We used “-X GET” to access the data which is the default behavior of curl. We just
wanted to highlight that project list can be obtained using GET HTTP request.
The “jq” utility allows us to display only id and name properties in the this example. You will
learn the structure of the queries as we go.
In our example, we have only one project. In real-life, the number of projects can go up to
thousand and the output will be too large. GitLab API has a capability to search objects using
the “search” URL parameter. We just need to add it to our URL request:
Let’s display properties using jq. We only need project id and name:
$ curl --silent -X GET --header "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects?search=first_repo | jq ".[] | { id, name}"
115
{
"id": 1,
"name": "first_repo"
}
Note: There is no difference in the output since we are searching for the project using specific
name.
Most of the times, only basic information about project is required. You do not need the full list
of properties on daily basis. GitLab helps to reduce output to a simple view using “simple=true”
url parameter:
$ curl --silent -X GET --header "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects?simple=true | jq
[
{
"id": 1,
"description": "The first GitLab Repo",
"name": "first_repo",
"name_with_namespace": "Administrator / first_repo",
"path": "first_repo",
"path_with_namespace": "root/first_repo",
"created_at": "2018-09-16T19:21:50.385Z",
"default_branch": "master",
"tag_list": [],
"ssh_url_to_repo": "git@gitlab.example.com:root/first_repo.git",
"http_url_to_repo": "http://gitlab.example.com/root/first_repo.git",
"web_url": "http://gitlab.example.com/root/first_repo",
"readme_url":
"http://gitlab.example.com/root/first_repo/blob/master/README.md",
"avatar_url": null,
"star_count": 0,
"forks_count": 0,
"last_activity_at": "2018-09-16T20:24:52.208Z",
"namespace": {
"id": 1,
"name": "root",
"path": "root",
"kind": "user",
"full_path": "root",
"parent_id": null
}
}
]
This time GitLab returned significantly less data, as it was shown during the first list example.
116
Get single project
A single project can be shown if ID or project name is known. Previously, we gathered project id
“1” for the “first_repo” project.
You may access project data as follows using ID using “/api/v4/projects/<ID>” API object:
$ curl -s -X GET -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects/1 | jq
{
"id": 1,
"description": "The first GitLab Repo",
"name": "first_repo",
"name_with_namespace": "Administrator / first_repo",
...
<OUTPUT OMITTED>
...
Same data can be retrieved using “URL” encoded project name. If using namespaced API calls,
make sure that the NAMESPACE/PROJECT_NAME is URL-encoded. For example, / is
represented by %2F. For our particular example, project “first_demo” is available in the “root”
namespace. So, URL encoded project path will be “root%2Ffirst_repo”.
Create a project
A user can create a GitLab project by accessing “/api/v4/projects” URL using POST method.
Project API expects to have the name of project path as API parameters to be able to create a
new project. At least one has to be provided.
117
$ curl -s -X POST -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects?name=demo1 | jq ".[] | {id,
name}"
{
"id": 2,
"name": "demo1"
}
Note: “-X POST” requests are required to submit new data to GitLab via API call and create a
project.
You may want to verify that the project has been created from GitLab WebUI under root user:
The project has been created successfully. You could pass additional and not mandatory
parameters like “description” but we want to modify them later in the book.
If we will try to create project again using the name which already taken GitLab to return the
following error message:
$ curl -s -X POST -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects?name=demo1 | jq ".[] | {id,
name}"
{
"id": null,
"name": [
"has already been taken"
]
}
Now we want to show you how to create a project with complex data:
$ curl -s -X POST -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr" -H "Content-
Type: application/json" -d '{"name": "demo2", "description": "Demo project
2"}' http://gitlab.example.com/api/v4/projects | jq
{
"id": 3,
"description": "Demo project 2",
"name": "demo2",
"name_with_namespace": "Administrator / demo2",
118
"path": "demo2",
"path_with_namespace": "root/demo2",
<OUTPUT OMITTED>
We create a new project “demo2” with description “Demo project 2”. Instead of passing
parameters as a part of URL we passed them as a JSON object. The following snippet shows
how to pass a list of parameters using curl:
-H "Content-Type: application/json" -d '{"name": "demo2", "description": "Demo
project 2"}'
GitLab WebUI now shows the following:
Previously, we created a project “demo1” without description. Let’s verify that description
property is empty.
$ curl -s -X GET --header "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects?search=demo1 | jq
".[].description"
null
The project demo2 has been created in the “root” namespace and URL encoded project name
will be “root%2Fdemo1”.
Note: We may also use a numeric ID to work with project properties. GitLab API expects project
id or URL encoded project path to be able to update project properties.
119
<OUTPUT OMITTED>
Note: “-X PUT” is required to update a project. We also highlighted important data for better
understanding.
Delete project
The project can be deleted by ID or URL encoded project name using DELETE request type at
“/api/v4/projects/<PROJECT ID>”
Note! The output above shows project demo2 properties. This means that the project exists.
120
Note! GitLab was not able to find any projects with the name “demo2”.
Get details about the user named “user” (using /api/v4/users/<USER ID>)
$ curl -s -X GET --header "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/users/2 | jq ". | {name, id, username}"
{
"name": "user",
"id": 2,
"username": "user"
}
121
Parameter Value
email demouser1@example.com
username demouser1
password DevOps123
It looks like the user “demouser1” exists but doesn't have any bio information which we are
going to update:
$ curl -s -X GET -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/users?search="demo" | jq ".[].bio"
null
122
Note! In the example above, we used “jq” to display only the “bio” user property.
Finally, we want to grant user “demouser1” access permissions to work on a demo project we
created recently (“demo1”). This is a part of project administration tasks and this feature is
accessible using “/api/v4/projects” URL.
The project “demo1” is located under the “root” namespace and its URL encoded name is
“root%2Fdemo1”. We can access the project users using “/api/v4/projects/<PROJECT
ID>/users”:
123
Well done! Now the user “demouser1” has Developer access to the project “demo1”.
We can verify that using GitLab Web UI:
● Login as “root”
● Go to “Projects” => “Your projects”
● Click on “demo1”
● Make sure that “Demo User @demouser1” exists and has proper access rights
(“Developer”).
Managing branches
By default, GitLab creates the “master” branch for a GitLab repository. You may list all repository
branches by GET at “/api/v4/projects/<PROJECT ID>/repository/branches”.
124
First, we need to initiate the repository using git CLI. In the next example, we are going to create
a README.md file and push it to the repo.
We need to know project URL:
$ curl -s -X GET -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects/root%2Fdemo1 | jq
".http_url_to_repo"
"http://gitlab.example.com/root/demo1.git"
The following example lists all branches associated with project “demo1” which we created
recently:
$ curl -s -X GET -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects/root%2Fdemo1/repository/branches
| jq
[
{
"name": "master",
"commit": {
...
<OUTPUT OMITTED>
…
},
"merged": false,
125
"protected": true,
"developers_can_push": false,
"developers_can_merge": false,
"can_push": true
}
]
We need to specify the source branch using “ref” parameter to be able to create a new branch
using master as a source branch. We also need to specify new branch name using the “branch”
parameter.
$ curl -s -X POST -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr" -H "Content-Type:
application/json" --data '{"ref": "master", "branch": "demobranch"}'
http://gitlab.example.com/api/v4/projects/root%2Fdemo1/repository/branches | jq
{
"name": "demobranch",
<OMITTED>
As we can see, the new branch has been successfully created via API.
All merge requests can be listed via API calls “/api/v4/merge_requests”. Project specific merge
requests are available using “/projects/<PROJECT ID>/merge_requests”.
We didn’t create any merge requests and need to create one to move forward. Once merge
request is created we will show you how to display merge request information and look for
created/opened/closed merge requests.
We need to specify the project, source, and target branches to create a merge request. We also
need to give a name to merge request and it is a good idea to provide some additional information
in the description property.
Let’s create a merge request for “demo1” project from “demobranch” to the “master” branch.
126
$ curl -s -X POST -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr" -H "Content-
Type: application/json" --data '{"source_branch": "demobranch",
"target_branch": "master", "title": "The first merge request",
"description": "This merge request do not implement anything" }'
http://gitlab.example.com/api/v4/projects/root%2Fdemo1/merge_requests | jq
{
"id": 1,
"iid": 1,
"project_id": 3,
"title": "The first merge request",
"description": "This merge request do not implement anything",
"state": "opened",
...
<OUTPUT OMITTED>
...
Well, we created a merge request. Let’s verify that it was created using GitLab UI:
● Login using root account
● Click on “demo1” project
● Click on “Mere Requests” on the left panel
127
$ curl -s -X GET -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects/root%2Fdemo1/merge_requests | jq
".[] | {id, title, description, source_branch, target_branch}"
{
"id": 1,
"title": "The first merge request",
"description": "This merge request do not implement anything",
"source_branch": "demobranch",
"target_branch": "master"
}
API allows to look for merge requests by their state. For example, we can show merge requests
which are in “opened” state:
$ curl -s -X GET -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects/root%2Fdemo1/merge_requests?state
=opened | jq ".[] | {id, title, description, source_branch, target_branch}"
{
"id": 1,
"title": "The first merge request",
"description": "This merge request do not implement anything",
"source_branch": "demobranch",
"target_branch": "master"
}
Both our branches are equal and there are no changes between them. We need to push an update
to the “demobranch” branch to show you how to handle merge requests approvals using API.
Clone demo1 project again and switch to demobranch branch using GIT CLI:
$ cd .. ; rm -rf demo1
$ git clone -b demobranch http://gitlab.example.com/root/demo1.git
Cloning into 'demo1'...
Username for 'http://gitlab.example.com': root
Password for 'http://root@gitlab.example.com': DevOps123
remote: Counting objects: 3, done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
128
Username for 'http://gitlab.example.com': root
Password for 'http://root@gitlab.example.com': DevOps123
...
<OUTPUT OMITTED>
...
To http://gitlab.example.com/root/demo1.git
be593c2..14bdd42 demobranch -> demobranch
We have merge request. It has a number of changes (added example.txt). Now it is a good time
to merge it using API. Merge request approval is done using PUT at
/api/v4/projects/<PROJECT ID>/merge_requests/<MERGE REQUEST ID>/merge
First check merge request ID we want to accept:
129
$ curl -s -X GET -H "Private-Token: 1X-TyHMnB5WFGdDxpwmr"
http://gitlab.example.com/api/v4/projects/root%2Fdemo1/merge_requests | jq
".[].iid"
1
130
Note: that pipeline currently in the failed state. It’s going to change once we reach the
integration part with Jenkins.
In the example above, we have shown you how to work with GItLab via its API. You created a
project, a new branch from the master branch, a user. You gave user access to the project, and
finally, you created and merged a merge request. This is something that you can use to automate
your code development, test, and even deployment at work.
131
Using Jenkins API
Jenkins API
As we mentioned before Jenkins provides API which allows performing basic Jenkins
management like create and execute a job.
You may want to use additional API documentation which is available on Jenkins homepage:
https://wiki.jenkins.io/display/JENKINS/Remote+access+API. Also, if you have jenkins installed,
you may access documentation at “<JENKINS_URL>/api” like
http://jenkins.example.com:8080/api/. The example page is shown below:
Jenkins comes with XML-based API by default. JSON-based API is also available.
You may try to access XML-based API via the following link in our environment:
http://jenkins.example.com:8080/api/xml. If you try to open this URL in your browser, you should
see similar to the following:
132
JSON-based API is accessible via http://jenkins.example.com:8080/api/json?pretty=true. Here is
an example of output:
133
Authentication
Most of the API functions require authentication. If you will try to access API without authentication
Jenkins API will return an error:
$ curl -s http://jenkins.example.com:8080/api/json
...
<OUTPUT OMITTED>
...
Authentication required
...
<OUTPUT OMITTED>
...
Username/password authentication
The pair username/password it is not recommended because the risk of revealing the password,
and the human tendency to reuse the same password in different places. However, you may still
want to use it to quickly check something in a lab environment.
Recently we created an admin user with name “jenkins” and password “DevOps”. Let’s try to
access root json api object:
$ curl -s -u jenkins:DevOps123 http://jenkins.example.com:8080/api/json |
jq
{
"_class": "hudson.model.Hudson",
"assignedLabels": [
{
"name": "master"
}
],
"mode": "NORMAL",
"nodeDescription": "the master Jenkins node",
...
<OUTPUT OMITTED>
...
Note: We do not recommend using this method as you are exposing your username credentials,
and it does not work very well if you have 2 factor authentication or one time passwords.
Username/token authentication
To make scripted clients (such as wget) invoke operations that require authorization (such as
scheduling a build), use HTTP BASIC authentication to specify the username and the API token.
This is often more convenient than emulating the form-based authentication. You need to an API
token to use this feature.
134
The API token is available in your personal configuration page. You may generate a new API
token as follows:
● Login as “jenkins” at http://jenkins.example.com:8080
● Click your name on the top right corner on every page, then click "Configure":
● On the “API token” Section click locate the “Add new Token” button:
● Click on “Add new Token” and specify the token name. It can be any string. Click on the
“Generate” button:
135
In out case token is “11f51e6fcf746d94b3b2a4f7db3760df51”. We are going to use this token in
the next labs.
We can verify that username/token authentication works fine by using token instead of password
as shown below:
$ curl -s -u jenkins:11f51e6fcf746d94b3b2a4f7db3760df51
http://jenkins.example.com:8080/api/json | jq
{
"_class": "hudson.model.Hudson",
"assignedLabels": [
{
"name": "master"
}
],
"mode": "NORMAL",
"nodeDescription": "the master Jenkins node",
...
<OUTPUT OMITTED>
...
Note! We used token instead of password.
Tokens are the most preferred method for Jenkins API authentication because you can generate
tokens per your application and automation tool and then easily revoke when needed. So try to
avoid using password authentication.
List jobs
Jenkins return job list as a part of /api/json object. The job list can be obtained as shown below:
$ curl -s -u jenkins:11f51e6fcf746d94b3b2a4f7db3760df51
http://jenkins.example.com:8080/api/json | jq .jobs
[
{
"_class": "org.jenkinsci.plugins.workflow.job.WorkflowJob",
"name": "pipeline1",
"url": "http://jenkins.example.com:8080/job/pipeline1/",
"color": "red"
}
]
The output may contain a lot of lines which will be difficult to read and parse. API allows to limit
json objects returned using filters.
For example, if there is a need to return just all objects in jobs tree, you may want to use the
following:
136
$ curl -s -g -u jenkins:11f51e6fcf746d94b3b2a4f7db3760df51
"http://jenkins.example.com:8080/api/json?tree=jobs[name,url]" | jq
{
"_class": "hudson.model.Hudson",
"jobs": [
{
"_class": "org.jenkinsci.plugins.workflow.job.WorkflowJob",
"name": "pipeline1",
"url": "http://jenkins.example.com:8080/job/pipeline1/"
}
]
}
Note! Curl “-g” option switches off the "URL globbing parser". When you set this option, you can
specify URLs that contain the letters {}[] without having them being interpreted by curl itself. These
letters are not normal legal URL contents but they should be encoded according to the URI
standard.
The API request above limited tree returned by api to “jobs” object which includes a list of jobs.
We also requested to limit fields to be displayed to name and URL. This means that _class, name
and URL fields will be returned.
Create a Job
Job creation process required to pass XML job definition to API. It may be a bit difficult for those
who is unfamiliar how jobs are defined in their configuration files. But worry not, there is a simple
way to gather XML job definition, we can get configuration from another job and then use it as a
template.
The example above returned job URL http://jenkins.example.com:8080/job/pipeline1/. We are
going to use this URL to access job configuration object.
$ curl -s -u jenkins:11f51e6fcf746d94b3b2a4f7db3760df51
http://jenkins.example.com:8080/job/pipeline1/config.xml
<?xml version='1.1' encoding='UTF-8'?>
<flow-definition plugin="workflow-job@2.24">
<actions/>
<description></description>
<keepDependencies>false</keepDependencies>
<properties/>
<definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition"
plugin="workflow-cps@2.54">
<script>node {
stage("Stage 1") {
echo "Step 1"
}
stage("Stage 2") {
137
echo "Step 2"
}
stage("Stage 3") {
echo "Step 3"
}
}</script>
<sandbox>true</sandbox>
</definition>
<triggers/>
<disabled>false</disabled>
</flow-definition>
Note! This returns a XML object (not JSON)!
You may want to save this output to a separate file since we need to pass it to API during job
creation process. This can be easily achieved via:
Check jobs:
$ curl -s -g -u jenkins:11f51e6fcf746d94b3b2a4f7db3760df51
"http://jenkins.example.com:8080/api/json?tree=jobs[name]" | jq
138
{
"_class": "hudson.model.Hudson",
"jobs": [
{
"_class": "org.jenkinsci.plugins.workflow.job.WorkflowJob",
"name": "newjob1"
},
{
"_class": "org.jenkinsci.plugins.workflow.job.WorkflowJob",
"name": "pipeline1"
}
]
}
You may also want to verify that job exists using web interface:
Looks good and both jobs are available. The job “newjob1” we just created is a copy of the job
“pipeline1”.
Trigger a build
Previously we create a new job named “newjob1” which is a copy of pipeline1. Jenkins API
allows executing a job remotely. This can be achieved by POST request to
“/job/<JOBNAME>/build”
Let’s start a build for newjob1:
$ curl -X POST -s -u jenkins:11f51e6fcf746d94b3b2a4f7db3760df51
http://jenkins.example.com:8080/job/newjob1/build
Once you run the command, Jenkins should show that the job last build is successful.
139
This simple method allows you triggering Jenkins jobs remotely from other systems or as a part
of another pipeline. We will work with this kind of tasks in the following Chapters.
140
Making GitLab and Jenkins to work together
Why we need it
In the previous chapters, we worked with Jenkins and GitLab separately. Now it is time to move
all the pieces together. It’s quite important to understand why we need to do the integration
between Jenkins and GitLab if we want to make a step further towards real DevOps. This is where
you start feeling the real power of both GitLab and Jenkins when they are working together as
one thing in your DevOps environment.
In this Chapter, we need both GitLab and Jenkins servers up and running, so Chapters Getting
Started with GitLab and Getting Started with Jenkins are prerequisites for this Chapter.
141
In this configuration, Jenkins gets Pipeline script (called Jenkinsfile) from GitLab each time
pipeline starts. This approach has a number of advantages:
● Your pipeline is under version control system
● You don’t have to update your Jenkins job each time when you want to modify it - it is
enough to push new changes to git
Note! This approach is also applicable to any GIT repository management systems like GitLab,
GitHub, BitBucket, Gogs. It doesn’t require any GitLab special configuration.
Parameter Value
Name pipeline3
142
● Click on “Create project” button
When project is created it will be initialized with empty “README.md” file.
We need to put a pipeline file under the root of the repository. By default, jenkins uses the file
named “Jenkinsfile” as pipeline script. We want to keep the default pipeline file name. Let’s
create pipeline script named “Jenkinsfile”. Please make sure that “J” is capitalized. We may want
to use git CLI to create the file and push changes to git. GitLab also supports Web UI to do a
commit.
● Click on the “+” button
● Choose “New file” as shown below
143
}
stage("Verify") {
sh 'true'
}
}
Note! This is a demo pipeline which we are going to modify. Just for now it is enough to check the
integration. We are also going to explain all stages in details.
● Click on the “Commit changes” button
● Make sure that both README.md and Jenkinsfile exist in the repository
144
● Log in Jenkins
● Click on “New Item” in the left panel
145
● Choose “Pipeline script from SCM” at “Pipeline” section:
● Choose proper Credentials to access the repository. If credentials have not been
configured click on “Add” button and choose “Jenkins”
146
● Type username and password to access the GitLab repo and press Add
147
Once the job is created, you may want to start the job.
148
Well! It works.
Let’s check that the pipeline has been cloned from GIT. Check the build results. Click on the link
named “#1” (or any other build number).
You should see a number of git commands and Git repository URL.
Sometimes it is required to change the job. In case of using pipelines stored directly in GIT, all
changes are done by updating GIT. In our example, we want to add an additional simple stage.
149
Let’s update “Jenkinsfile” on our repository URL according to new requirements. Here is the
example of new Jenkinsfile (we highlighted the difference):
node {
stage("Checkout") {
checkout scm
}
stage("Verify") {
sh 'true'
}
stage("Cleanup") {
sh 'true'
}
}
Note! You can use the command “git” or GitLab UI. The following example is based on CLI “git”
command on Jenkins VM:
● Clone the repository
$ git clone http://gitlab.example.com/user/pipeline3.git
Cloning into 'pipeline3'...
Username for 'http://gitlab.example.com': user
Password for 'http://user@gitlab.example.com': DevOps123
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (6/6), done.
● Update Jenkinsfile
$ cd pipeline3/
$ cat <<EOF >Jenkinsfile
node {
stage("Checkout") {
checkout scm
}
stage("Verify") {
sh 'true'
}
stage("Cleanup") {
sh 'true'
}
}
EOF
$ git add Jenkinsfile
$ git commit -m "updated Jenkinsfile"
$ git push origin master
150
Username for 'http://gitlab.example.com': user
Password for 'http://user@gitlab.example.com': DevOps123
Counting objects: 5, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 331 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
To http://gitlab.example.com/user/pipeline3.git
8a8c902..c2d9d16 master -> master
Let’s re-run Jenkins pipeline by pressing on “Build Now” button on the left panel of the job.
● Go to http://jenkins.example.com:8080/job/pipeline3/
● Press “Build Now”
You may see that task has been updated successfully (Cleanup stage is shown).
What have we just done? We configured Jenkins to keep our pipeline script in GIT. This approach
is used in the most production-like installation.
151
code against a number of rules, and also try to build artifacts and try to deploy on a test system.
There are multiple ways to achieve that behavior. We will be describing all of the methods below.
● Check “Poll SCM” and configure Jenkins to check for update every minute
These changes are enough to enable Jenkins polling. Jenkins should now start the job if we push
new changes to the repository. Let’s push a new commit to the repository.
152
Note! You can use the command “git” or GitLab UI. The following example is based on CLI “git”
command. Go back to Jenkins VM and do the following:
● Update Jenkinsfile
$ cd ~/pipeline3/
$ cat <<EOF > Jenkinsfile
node {
stage("Checkout") {
checkout scm
}
stage("Verify") {
sh 'date'
}
stage("Cleanup") {
sh 'true'
}
}
EOF
153
Note! Jenkins doesn’t execute the job immediately. It polls for updates once a minute. You may
be needed to wait for one more minute.
154
● Click on the “Available” tab and type GitLab
● Install the plugin by pressing “Download now and install after restart”. Click on “Restart
Jenkins when installation is complete and no jobs are running”.
155
● Wait until installation is done and Jenkins is restarted
On the left sidebar go to Access Tokens and create personal access token with API access.
156
Once the token is generated you need to copy it to a temporary location or leave this tab open
because once you close this page, you won’t be able to see this token anymore.
The following step is to configure Jenkins to connect to GitLab using API token we just created.
157
And then Add Credentials
In the credential Kind drop-down menu choose GitLab API token and fill in all the fields and
press save.
● API token: <paste GitLab token we have just created>
● ID: gitlab.example.com
● Description: GitLab Server
158
We got this new section enabled once we installed the GitLab plugin in the last chapter.
Note: If it happens that you do not have this section in Jenkins, just navigate to Jenkins plugin
manager, install GitLab plugin, and restart Jenkins server.
Fill in all the information for GitLab connectivity and press Test Connection:
● Enable authentication for '/project' end-point: unchecked
● Connection name: gitlab_server
● GitLab host URL: http://gitlab.example.com/
● Credentials: GitLab API token (GitLab Server)
If you see a Success message, then you are on the right path and we have established
connectivity with Gitlab Server.
159
Automatic job triggering via GitLab
At this moment we have Jenkins server to be able to download Jenkinsfile along with all the code
from GitLab server and execute it when we run Jenkins jobs manually or execute pipeline if the
new code is available.
Can we do better? Sure, we can configure Jenkins to automatically start the job when we push
the changes to GitLab and this is what we do next. It looks very similar as we’ve done before. But
there is a big difference. This method allows to trigger job and report job status back to GitLab.
This also allows configuring integration in a better way. For example, verify code on merge request
event.
When the new set of option appears, leave only Push Events selected.
Click on Advanced and Generate a new Token by pressing on the “Generate” button.
Note! You need to copy this secret token since it will be required in GitLab project configuration
160
Save the changes.
Note! We are going to show several ways of integration, the build trigger configuration will be
changed several times.
In the integration section add a new webhook with the following parameters:
- URL: http://jenkins.example.com:8080/project/pipeline3
- Token: Jenkins secret token we created during job configuration
- Trigger - leave only push events selected
- SSL Verification - unchecked.
161
By default, GitLab is not allowed to send webhooks over LAN subnets. That’s strange… but we
can fix it.
Click on Expand button. From there, select Allow requests to the local network from hooks and
services and save the changes. That was not so obvious, right?
162
And you should see the following message:
Now we are ready to do the change in our project scripts and push the changes back to GitLab.
In this change, we want to add a simple python script and pipeline to check script syntax. This is
enough for this stage.
$ cd pipeline3
$ mkdir src
$ cat << EOF > src/simple_script.py
#!/use/bin/python
print("Hello word")
EOF
163
stage("Cleanup") {
sh 'true'
}
}
EOF
Done! You may want to make sure that Jenkins pipeline has been executed successfully. Open
the line http://jenkins.example.com:8080/job/pipeline3/ and make sure that the latest version of
the pipeline has been executed. You can see that it was triggered by GitLab:
We just configured Jenkins and GitLab to work together. Jenkins pipeline now checks that Python
code can be compiled. The job is started automatically triggered by GitLab push event.
You just became one step closer towards your automation of everything. There are few more
section to be done before we finish up in this chapter.
164
gitlabBuilds
gitlabBuilds notifies GitLab about Jenkins stage in progress. GitLabBuilds Basically reports to
GitLab that Jenkins job has been started and notifies about the stages it started executing.
gitlabBuilds DOES NOT notify GitLab about the status of every stage. Pipeline reports the status
via gitlabCommitStatus. The syntax of gitlabBuilds is as following:
gitlabBuilds(builds: ["stage_name"]) {
stage("stage_name") {
gitlabCommitStatus(name: "stage_name") {
<YOUR CODE GOES HERE>
}
}
}
gitlabCommitStatus
gitlabCommitStatus step notifies updates stage status that was created by gitlabBuilds step.
Whether it passed, failed or needs an approval, gitlabCommitStatus is going to report back to
GitLab. The syntax for gitlabCommitStatus is as following:
stage("stage_name") {
gitlabCommitStatus(name: "stage_name") {
<YOUR CODE GOES HERE>
}
}
165
}
}
}
gitlabBuilds(builds: ["Cleanup"]) {
stage("Cleanup") {
gitlabCommitStatus(name: "Cleanup") {
sh 'sleep 60'
}
}
}
}
Note! make sure you put your gitlabCommitStatus or other similar steps after the SCM
step that clones your project's source. Otherwise, you may get HTTP 400 errors, or you
may find build status being sent to the wrong repo.
This should trigger the Jenkins job. Jenkins itself should be notifying GitLab about the progress
of this job. Navigate back to GitLab first_repo at http://gitlab.example.com/user/pipeline3, at
sidebar click on CI/CD -> Pipelines.
In GitLab pipelines page, we should be able to see our Jenkins job status in running state.
166
Click on running to go to pipeline details.
These are our 2 stages. You may note that Cleanup stage is still in progress (market as green).
After some time pipeline will be in passed state:
167
This method doesn’t require to go to Jenkins each every time you need to know build status.
Application
For education purposes, we will still use the same python script. The script will emulate a real
application. We need to check that script syntax is OK.
168
● Click Edit to modify web hooks settings
● Check “Merge request events” and “Pipeline events”, uncheck “Push events”:
● Check “Only allow merge requests to be merged if the pipeline succeeds” and press
“Save changes”
169
Note! We do not need other features related to merge requests.
Note! “Rebuild open Merge Requests” is set to “On Push to source branch”. This feature
allows to rerun opened pipeline if the new code is available in source branch.
Jenkins job should understand from where to clone code for the pipeline. With merge requests
code is checkout from special repositories. You may find a details description at GitLab Plugin
home page https://github.com/jenkinsci/gitlab-plugin#git-configuration. Right now we need to
change the number of Job Git-related settings:
170
● Scroll down to Pipeline settings
● Click “Advanced” in “Repositories” section:
○ Name: origin
○ Refspec: “+refs/heads/*:refs/remotes/origin/* +refs/merge-requests/*/head:refs/remotes/origin/merge-
requests/*”
Note: Refspec value is a single line inside double quotes “”
171
$ cd ~/pipeline3
$ git checkout -b feature1
Switched to a new branch 'feature1'
Now update our Jenkinsfile. Please note that we added pylint shell command.
$ cat Jenkinsfile
node {
stage("Checkout") {
checkout scm
}
gitlabBuilds(builds: ["Verify"]) {
stage("Verify") {
gitlabCommitStatus(name: "Verify") {
sh 'python -m py_compile src/*.py'
sh 'pylint src/*.py'
}
}
}
gitlabBuilds(builds: ["Cleanup"]) {
stage("Cleanup") {
gitlabCommitStatus(name: "Cleanup") {
sh 'sleep 60'
}
}
}
}
172
We can create now a merge request to merge changes from our “feature1” branch to the master
branch. This may be achieved by GitLab Web UI:
● Open your browser at http://gitlab.example.com/user/pipeline3/merge_requests
● Make sure that Source branch is “feature1” and destination branch is “master”
GitLab triggers Jenkins pipeline automatically. You may see progress for the pipeline in Jenkins:
173
Our pipeline fails:
Click on Verify stage and “Logs” and see the output. We have shown an output snipped. Similar
information can be produced by “pylint src/*.py”
[pipeline3] Running shell script
+ pylint src/simple_script.py
No config file found, using default configuration
************* Module simple_script
C: 2, 0: Unnecessary parens after 'print' keyword (superfluous-parens)
C: 1, 0: Missing module docstring (missing-docstring)
It looks like “pylint” dislikes our code. We are using python2 in our examples. Let’s modify the
script to be aligned with pylint requirements:
$ cat src/simple_script.py
#!/use/bin/python
"""Example script to learn CI/CD processes """
print "Hello world"
174
You may also see progress from GitLab merge request view:
Once pipeline succeeds you may merge the code by pressing “Merge”:
Let’s merge the code. You can check “remove source branch” box if you want, this will remove
feature1 branch after the merge is complete and our changes are pushed to master branch.
175
More options of integration
You may always visit the home page of GitLab plugin for advanced options:
https://github.com/jenkinsci/gitlab-plugin
Conclusions
The configuration we have covered in this book is very similar to what a lot of companies are
using in production. Integration with merge requests allows every developer to trigger pipeline on
merge request event. Pipeline highlights all problems and GitLab is configured to not allow
merging code which is not ready for production. If an error occurs, GItLab prevents pressing
“Merge” button by disabling that. This gives an additional layer of readiness testing.
176